The Installer Was Unable To Find Required Root Certificates Exclusive High Quality - Kepware

The root certificate issue is almost always caused by a on your local machine.

Kepware's KEPServerEX is widely considered the industry standard for industrial connectivity, though its installation process can be sensitive to modern security standards on older or air-gapped systems.

Why would such a root certificate be absent on a functional Windows machine? The answer lies in the evolution of operating systems and the fragmentation of industrial PC environments. Many factory-floor PCs run on legacy versions of Windows (7, Embedded Standard, or early Windows 10 builds) that have outdated or manually curated root certificate stores. Unlike consumer PCs that receive automatic updates via Windows Update, industrial PCs are often air-gapped or locked down to maintain stability, meaning they never receive the automatic root certificate updates released monthly by Microsoft. Consequently, when a newer Kepware installer—built and signed using a CA that came into prominence after the OS’s last update—runs on such a machine, the OS’s root store has no record of that CA. The installer queries the system, receives a “not found” response, and halts with the cryptic root certificate error.

Systems where automatic certificate updates are disabled via group policy. Solutions to Resolve the Installer Issue The root certificate issue is almost always caused

If the problem persists after trying the steps above, contact PTC Kepware support with the installer log – they can provide the exact thumbprint of the required root certificate for your product version.

The error message typically occurs during the installation or upgrade of Kepware products (such as KEPServerEX) when the Windows operating system lacks the necessary digital signatures to verify the installer's authenticity. This is common on systems without internet connectivity, those where Windows Updates are disabled, or older versions like Windows 7. Core Causes

Network security may prevent the installer from reaching certificate revocation list (CRL) servers. www.ptc.com 💡 Quick Solutions 1. Run Windows Update The answer lies in the evolution of operating

[Info] Check local computer, Trusted Root CAs, returned: -2146893807 [Info] CheckRootCert, GlobalSign Failed, returned: 0x65B [Info] CheckRootCert, VeriSign Failed, returned: 0x65B

Root certificates expire. Every 5-10 years, a major CA may sunset a root. Subscribe to PTC/Kepware security bulletins to know when they transition to a new signing certificate.

This error message, along with variations like "Installation failed. KEPServerEX-6.X is not trusted", typically appears during the installation of KEPServerEX or ThingWorx Kepware Server for versions from 5.20.396.0 to 7.0, or legacy versions up to 6.18. Several common scenarios lead to this issue: KEPServerEX-6.X is not trusted"

If you have followed all five solutions and still face the error, your Windows installation may have deeper corruption. Run sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth before contacting PTC Technical Support.

: If manual installation of root certificates does not work, it is recommended to open a support ticket at My Kepware for a remote session. PTC Community direct download links