Manually Importing Root Code Signing Certificates - Windows
The SourceTree application and its installer are digitally 'signed' to ensure users can trust where it came from. This signature is usually validated by automatically following a chain of trust back to a Trusted Root Certificate Authority (CA). Depending on the configuration of the host OS it is then possible to prevent an application from running when is either unsigned or where the signature cannot be validated against a Trusted CA.
In most circumstances the Trusted Root Certificate should already be installed in the OS.
NB. SourceTree switched from using a digital signature reliant on a Thwate Root Certificate from here, https://www.thawte.com/roots/, to one using a DigiCert Root Certificate from here, https://www.digicert.com/digicert-root-certificates.htm, for v1.6.13 onwards.
When installing SourceTree if the OS is unable to validate the digital signature then the installation will fail with a message similar to this:
A file that is required cannot be installed because the cabinet file C:\ProgramData\Atlassian\SourceTree #.#.#\install\disk1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.
- Download the DigiCert Assured ID Root CA from here: https://www.digicert.com/CACerts/DigiCertAssuredIDRootCA.crt
- Double click on DigiCertAssuredIDRootCA.crt, this will open a new dialog.
- Check and click Install Certificate
- It should then be possible to re-run and complete the SourceTree installation.