Disable Sectigo Public Server Authentication Root R46 (2046) root
Some Microsoft products (such as IIS servers) have a root certification authority named "Sectigo Public Server Authentication Root R46", expiring in 2046, that interferes with the "Sectigo Public Server Authentication Root R46" intermediate certificate, which expires in 2038.
This makes the CO-piBot test (Test a server certificate online) fail even if the certification chain has been correctly installed. The cause is that, instead of using the intermediate certificate "Sectigo Public Server Authentication Root R46 (2038)", the server presents the root certificate "Sectigo Public Server Authentication Root R46 (2046)".
To resolve this issue, you need to move the problematic root certificate and disable automatic updating of certificate authorities (see Deactivate the certification authorities update on Windows 2003 and 2008).
Move the Sectigo Public Server Authentication Root R46 (2046) to the "untrusted" folder
1- Launch the MMC
- Click Start then select Run and type mmc
- Click on the File menu and select Add/Remove Snap-in
- Choose Add, select Certificates from the list of Standalone Snap-ins and click Add
- Choose Computer Account and click Next
- Choose Local Computer and click Finish
2- Locate the certificate to move
- on the left-hand tree menu, expand Certificates (local computer), then Trusted Root Certification Authorities
- also expand Untrusted Certificates
- in the Trusted Root Certification Authorities list, locate the certificate
Common Name - Sectigo Public Server Authentication Root R46
Expiry Date - 21st March 2046
SHA256 Thumbprint - 7BB647A62AEEAC88BF257AA522D01FFEA395E0AB45C73F93F65654EC38F25A06
- drag it to the Certificates folder under Untrusted Certificates
- repeat for Sectigo Public Server Authentication Root E46
Common Name - Sectigo Public Server Authentication Root E46
Expiry Date - 21st March 2046
SHA256 Thumbprint - EC8A396C40F02EBC4275D49FAB1C1A5B67BED29A
3- Recreate the binding
After moving the root certificates, you will need to either renew the "binding" on the server or remove and recreate it, then select your certificate again.
This is required to force IIS to refresh the certificate and certificate path it serves to clients.
4- Check your certificate installation with Co-Pibot
On your certificate status page (in your Certificates center) you'll see a 'Check your certificate' button. Click it to test your certificate installation.
Alternatively, check with our CoPibot tool here:
https://www.tbs-certificates.co.uk/php/HTML/testssl_verif.php
Does the problem persist?
In this case, you must open a support ticket with Microsoft.
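Steps 1 and 2 above can also be scripted. The following PowerShell is an added example, not part of the original procedure or a TBS tool; the `-Apply` switch and the `Get-Fingerprint` helper are names chosen here. It assumes the "Untrusted Certificates" folder is the local machine store named Disallowed, and it hashes each certificate itself because the store's built-in Thumbprint property is SHA-1: the 64-digit R46 value is compared as SHA-256, while the E46 value printed above is 40 hex digits, the length of a SHA-1 thumbprint, and is compared as such.

```powershell
#Requires -RunAsAdministrator
# Added example: dry run by default, pass -Apply to actually move the certificates.
param([switch]$Apply)

# Thumbprints exactly as printed on this page (64 hex digits = SHA-256, 40 = SHA-1).
$targets = [ordered]@{
    'Sectigo Public Server Authentication Root R46' = '7BB647A62AEEAC88BF257AA522D01FFEA395E0AB45C73F93F65654EC38F25A06'
    'Sectigo Public Server Authentication Root E46' = 'EC8A396C40F02EBC4275D49FAB1C1A5B67BED29A'
}

# Hypothetical helper: hash the certificate's DER bytes with the algorithm
# implied by the length of the thumbprint we are comparing against.
function Get-Fingerprint {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$HexLength
    )
    $hasher = switch ($HexLength) {
        40 { [System.Security.Cryptography.SHA1]::Create() }
        64 { [System.Security.Cryptography.SHA256]::Create() }
        default { throw "Unsupported thumbprint length: $HexLength" }
    }
    try { [BitConverter]::ToString($hasher.ComputeHash($Cert.RawData)) -replace '-', '' }
    finally { $hasher.Dispose() }
}

# Trusted Root Certification Authorities of the local computer.
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root
foreach ($name in $targets.Keys) {
    $expected = $targets[$name]
    $found = @($roots | Where-Object { (Get-Fingerprint $_ $expected.Length) -eq $expected })
    if ($found.Count -eq 0) {
        Write-Host "Not present in Trusted Root Certification Authorities: $name"
        continue
    }
    foreach ($cert in $found) {
        # Print subject and expiry so they can be compared with the values above.
        Write-Host ("Found: {0} (expires {1:yyyy-MM-dd})" -f $cert.Subject, $cert.NotAfter)
        if ($Apply) {
            # 'Untrusted Certificates' in the MMC is the store named Disallowed.
            $cert | Move-Item -Destination Cert:\LocalMachine\Disallowed
            Write-Host '  moved to Untrusted Certificates'
        } else {
            Write-Host '  dry run: re-run with -Apply to move it'
        }
    }
}
```

Recreating the binding (step 3) and disabling the automatic update of certificate authorities still have to be done separately.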


