So I just downloaded the latest FortiClient VPN from https://www.fortinet.com/support/product-downloads only to be greeted with “The digital signature on the installer package is invalid. Installation aborted.”
When I view the details on FortiClientVPN.exe I see that the certificate is not valid (The digital signature of the object did not verify) so the error is accurate.
Can confirm. Happens for the binaries downloaded by the FortiClientVPNOnlineInstaller.exe wrapper on both client and server Windows SKUs, all fully updated, including the root cert stores. It looks like the signature on the file is malformed somehow, since the signing certificate as such has a valid certification path.
We are experiencing the same issue. A customer reported first that they tried to install it on multiple computers (Win10) but got the error message mentioned above.
I tried it on my test environment (Win10) and got the same error message. Looks like it is a problem on the Fortinet side…
I’m seeing an invalid signature using Windows 10, downloading from support.fortinet; looks like a HashMismatch. The SHA512 hash matches, so either the issue is something like trying to double sign the executable or something much worse.
```
> Get-AuthenticodeSignature .\FortiClientVPNSetup_7.0.10.0538_x64.exe | Format-List

SignerCertificate      : [Subject]
                           CN=Fortinet Technologies (Canada) ULC, O=Fortinet Technologies (Canada) ULC, L=Burnaby,
                           S=British Columbia, C=CA
                         [Issuer]
                           CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                         [Serial Number]
                           0862DFFEC6E9332BFA93B2F187863642
                         [Not Before]
                           6/6/2021 7:00:00 PM
                         [Not After]
                           7/9/2024 6:59:59 PM
                         [Thumbprint]
                           0F38EA0AA959EA336C743AE18DC9E60A4FD58665
TimeStamperCertificate : [Subject]
                           CN=DigiCert Timestamp 2023, O="DigiCert, Inc.", C=US
                         [Issuer]
                           CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA, O="DigiCert, Inc.", C=US
                         [Serial Number]
                           0544AFF3949D0839A6BFDB3F5FE56116
                         [Not Before]
                           7/13/2023 7:00:00 PM
                         [Not After]
                           10/13/2034 6:59:59 PM
                         [Thumbprint]
                           66F02B32C2C2C90F825DCEAA8AC9C64F199CCF40
Status                 : HashMismatch
StatusMessage          : The contents of file C:\Users\bengert\Desktop\FortiClientVPNSetup_7.0.10.0538_x64.exe might
                         have been changed by an unauthorized user or process, because the hash of the file does not
                         match the hash stored in the digital signature. The script cannot run on the specified
                         system. For more information, run Get-Help about_Signing.
Path                   : C:\Users\bengert\Desktop\FortiClientVPNSetup_7.0.10.0538_x64.exe
SignatureType          : Authenticode
IsOSBinary             : False
```
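An added example, not written by anyone in this thread: a PowerShell check that gates an installer on its Authenticode status and signer rather than on a file hash alone, since a matching SHA512 only shows the download is the file that was published, not that its embedded signature verifies. The function name `Test-InstallerSignature`, its parameters and the local path are assumptions; the expected signer string is taken from the output above.

```powershell
# Added example (hypothetical helper, not vendor code).
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: text expected in the signer subject, copied from the output above.
        [string] $ExpectedSigner = 'Fortinet Technologies (Canada) ULC',
        # Optional: SHA512 published for the download, if one is available.
        [string] $ExpectedSha512
    )

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -Path $Path -Algorithm SHA512).Hash

    # The signer must be present and match; an unsigned file has no SignerCertificate.
    $signerOk = ($null -ne $sig.SignerCertificate) -and
                $sig.SignerCertificate.Subject.Contains($ExpectedSigner)

    # $null means "no reference hash supplied", which is different from a mismatch.
    $hashOk = if ($ExpectedSha512) { $hash -eq $ExpectedSha512.Trim() } else { $null }

    [pscustomobject]@{
        Path          = $sig.Path
        Status        = $sig.Status          # Valid, HashMismatch, NotSigned, NotTrusted, ...
        StatusMessage = $sig.StatusMessage
        Signer        = $sig.SignerCertificate.Subject
        Thumbprint    = $sig.SignerCertificate.Thumbprint
        Timestamped   = $null -ne $sig.TimeStamperCertificate
        Sha512        = $hash
        Sha512Matches = $hashOk
        SignerMatches = $signerOk
        # Deployable only when Windows verified the signature AND the signer is the expected one.
        Deployable    = ($sig.Status -eq 'Valid') -and $signerOk
    }
}

# Placeholder path: point this at the downloaded installer.
$result = Test-InstallerSignature -Path '.\FortiClientVPNSetup_7.0.10.0538_x64.exe'
$result | Format-List

if (-not $result.Deployable) {
    Write-Warning "Not deploying $($result.Path): signature status is $($result.Status)."
    exit 1
}
```

For a file in the state shown above, `Status` is `HashMismatch` and `Deployable` is `False` even when `Sha512Matches` is `True`.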
Having the same issue. Extracted the msi like I always do and upgraded my test computer on Friday. Ran the same exact file today and error pops. This is preventing me from adding it to my RMM software and deploying to a larger test group. Hoping it’s an issue on Forti’s side that gets fixed in a day or two.
It was still happening when I tested it yesterday. I used the “grab the decompressed version of the file from the temp folder” approach, and that worked.
This worked. I owe ya a beer! I had someone bring in their laptop for yearly health checks and one of the steps is to update their Fortinet if it’s old. Theirs was old and if I wasn’t able to get it working they would have to come back to the office till it’s fixed. (They work at home and would have been pissed.)
Your post was removed as it is in violation of one or more of our subreddit rules.
We do not permit the posting of any slanderous content to the subreddit.
We encourage you to express your opinion, but do so respectfully and with tact. Please ensure you also base your public posts on fact and leave out any undue bias toward other solutions or vendors that does not add any immediate value.
You may review the rules on the side-bar of the main page on r/Fortinet.