WORK AROUND
If a system does not have Root Certificate updates (because Microsoft updates have not been applied, or root certificate updates are disabled ["Turn off Automatic Root Certificates Update' option in Group Policy] )
and the MSI error is:
Error 1330.A file that is required cannot be installed because the cabinet file ...\Data1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 270 was returned by WinVerifyTrust,
importing, exporting, and deploying the certificate has been reported to work.
VeriSign's Class 3 Code Signing 2009 CA can also be downloaded from VeriSign to install.
To download a VeriSign Class 3 Code Signing CA, go to [Code Signing Certificate|http://www.verisign.com/support/verisign-intermediate-ca/code-signing-intermediate/index.html]
For the VeriSign Class 3 Code Signing 2009 CA for 6u15 and later, go to the section "If you Enrolled After May 17th, 2009 ..."
For the VeriSign Class 3 Code Signing 2004 CA for 6u14 and earlier, go to the section "If you Enrolled Before May 17th, 2009 ..."
(You may want to install the VeriSign Class 3 Code Signing 2009 CA at the same time.)
Click Select All and then copy (CTRL + C) the text.
Open notepad and paste (CTRL +V) the text.
Save as a plain text file with a .cer, for example "VeriSign Class 3 Code Signing 2009 CA.cer" or "VeriSign Class 3 Code Signing 2004 CA.cer"
Copy the .cer file to the systems.
Right-click on the .cer file and click Install Certificate. (Certutil.exe is a command-line utility for managing a Windows CA.)
You can see the VeriSign Class 3 Code Signing CAs installed in the Certificates snap-in (Run: certmgr.msc) under Intermediate Certification Authorities -> Certificates.
|
|
|
EVALUATION
Trying to better explain what I'd already found.
I could see how Windows Vista and Windows Server 2008 without Root Certificate updates (because Microsoft updates have not been applied, or root certificate updates are disable) would get Error 1330 with 6u15 and later.
I copied the workaround from the Evaluation to the WorkAround section.
This does not explain reports with Windows 7, where I could not duplicate on a virtual machine that never connected tothe internet.
I expect it worked because Windows 7 ships with the VeriSign's Class 3 Code Signing 2009 CA.
For 6u14 and earlier, Windows machines should already have the needed VeriSign Class 3 Code Signing 2004 CA.
|
|
|
EVALUATION
Any errors with a path into %APPDATA%\Sun\Java\jre1.6.0_*\Data1.cab would be with the offline installer.
#2 in http://forums.sun.com/thread.jspa?threadID=5352799
says logon to Vista as a different user, and install from there
#3 and #4 replied that that doesn't help on XP.
#6 in http://forums.sun.com/thread.jspa?threadID=5352799
said they had the problem until they registered the data1.cat file's certificate under "Trusted Publishers." http://support.microsoft.com/kb/822798.
I assume they meant Data1.cab from the offline installer.
This is not a workaround we could code.
#8, #9, and #10 in http://forums.sun.com/thread.jspa?threadID=5352799 are saying that regsrv32 /u initpki.dll" fixes the problem
(Under Method 4 from http://support.microsoft.com/kb/822798)
#6 in http://forums.sun.com/thread.jspa?messageID=10827866
got it working after downloading the current Verisign certificate
which his Vista workstations either didn't have it/weren't able to download
#8 in http://forums.sun.com/thread.jspa?messageID=10827866
had the problem on newly installed Windows Server 2008 machine, because we had previously enabled the "Turn off Automatic Root Certificates Update' option in Group Policy.
Evaluation #2 above explains how to download and install VeriSign's Class 3 Code Signing 2009 CA
|
|
|
EVALUATION
I would like information about any enterprise customers that are encountering Error 1330.
I am looking for more information about the environment and the repeatability of the problem.
|
|
|
EVALUATION
I could not duplicate Error 1330.A file that is required cannot be installed because the cabinet file ...\Data1.cab has an invalid digital signature
on a locked down (never a network connection) virtual machine with Windows 7 installed (no updates).
I copied jre1.6.0_17.msi and Data1.cab to the system using a USB drive (since there was no network), and from a command prompt run as administrator, ran "msiexec /qn /i jre1.6.0_17.msi" and it installed fine.
|
|
|
EVALUATION
If this problem is more prevalent wtiht 6u15, that can be explained by the facts that 6u10 through 6u14 used the VeriSign Class 3 Code Signing 2004 CA, and
6u15 and later uses the VeriSign Class 3 Code Signing 2009 CA.
If a system is firewalled and the MSI error is:
Error 1330.A file that is required cannot be installed because the cabinet file ...\Data1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 270 was returned by WinVerifyTrust,
importing, exporting, and deploying the certificate has been reported to work.
VeriSign's Class 3 Code Signing 2009 CA can also be downloaded from VeriSign to install.
To download a VeriSign Class 3 Code Signing CA, go to [Code Signing Certificate|http://www.verisign.com/support/verisign-intermediate-ca/code-signing-intermediate/index.html]
For the VeriSign Class 3 Code Signing 2009 CA for 6u15 and later, go to the section "If you Enrolled After May 17th, 2009 ..."
For the VeriSign Class 3 Code Signing 2004 CA for 6u14 and earlier, go to the section "If you Enrolled Before May 17th, 2009 ..."
(You may want to install the VeriSign Class 3 Code Signing 2009 CA at the same time.)
Click Select All and then copy (CTRL + C) the text.
Open notepad and paste (CTRL +V) the text.
Save as a plain text file with a .cer, for example "VeriSign Class 3 Code Signing 2009 CA.cer" or "VeriSign Class 3 Code Signing 2004 CA.cer"
Copy the .cer file to the systems.
Right-click on the .cer file and click Install Certificate. (Certutil.exe is a command-line utility for managing a Windows CA.)
You can see the VeriSign Class 3 Code Signing CAs installed in the Certificates snap-in (Run: certmgr.msc) under Intermediate Certification Authorities -> Certificates.
|
|
|
EVALUATION
This is a problem with how the user's system verifies the digital signature of the .cab file.
Windows Installer error message 1330 can be returned when WinVerifyTrust() - a security check that validates the digital signature against a file - fails to read the entire file.
http://blogs.msdn.com/heaths/archive/2007/12/14/how-to-workaround-error-1330-during-visual-studio-2008-installation.aspx says: "In general, Windows Installer error messages 1330 and 1335 can be worked around either by retrying the failing installation...
http://blogs.msdn.com/heaths/archive/2008/12/11/another-possible-workaround-for-error-1330.aspx says: "If you do not have Internet access, or have a restrictive firewall or proxy, setup may be failing to verify the signature because it cannot access the online certificate revocation list (CRL)."
The offline installer has a signed Data1.cab, so it could have this problem as well.
|
|
|
|
Java