Header Shadow Image


Firefox: Firefox could not install the file at ‘URL’ because: Signing could not be verified

PROBLEM

Just today an issue came up for me installing the google toolbar.  (This Google toolbar has been in Beta for a while now, which caught my attention and may or should catch yours: Beta releases are buggy.  That may be beside the point though since I don't care as long as it does it's job well since some company's betas are better then other companies official releases.  🙂    )

I got this cryptic error:

Firefox could not install the file at

http://dl.google.com/firefox/google-toolbar-beta-linux.xpi

because: Signing could not be verified
-260

Below are a number of possible solutions for this issue.  If one doesn't work, give another a try:
 

SOLUTION 1

A required certificate or all of your certificates have the "This certificate can identify software makers." option disabled / unchecked.  Here's how to go about determening which one you need to check off.

DETERMINE THE CERTIFICATE

First you need to determine which certificate your .xpi file uses.  In this case we will look at the google-toolbar-beta-linux.xpi file:

  1. Make a temporary folder such as /tmp/workingonit
  2. Get the extension:
    $ wget http://dl.google.com/firefox/google-toolbar-beta-linux.xpi
  3. Check that it's there:
    ll google-toolbar-beta-linux.xpi
    932082 -rw-r–r– 1 root root 1280456 Jan 28 19:00 google-toolbar-beta-linux.xpi
  4. Extensions are zip files.  So we unzip them:
    $ unzip google-toolbar-beta-linux.xpi
  5. Find the file with the certificates (Something named .rsa should be it.):
    $ find ./ -name *.rsa
    ./META-INF/zigbert.rsa
    $
  6. Use strings command to print printable characters in file (Take note, what we highlighted below in orange will make sense a bit later on):
    $ /usr/bin/strings META-INF/zigbert.rsa|egrep -i "sign|cert"
    VeriSign, Inc.1
    VeriSign Trust Network1;09
    2Terms of use at https://www.verisign.com/rpa (c)041.0,
    %VeriSign Class 3 Code Signing 2004 CA0
    ,Digital ID Class 3 – Netscape Object Signing1
    /http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
    https://www.verisign.com/rpa0
    http://ocsp.verisign.com0?
    3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
    VeriSign, Inc.1705
    .Class 3 Public Primary Certification Authority0
    VeriSign, Inc.1
    VeriSign Trust Network1;09
    2Terms of use at https://www.verisign.com/rpa (c)041.0,
    %VeriSign Class 3 Code Signing 2004 CA0
    https://www.verisign.com/rpa01
     http://crl.verisign.com/pca3.crl0
    VeriSign, Inc.1705
    .Class 3 Public Primary Certification Authority
    VeriSign, Inc.1
    VeriSign Trust Network1;09
    2Terms of use at https://www.verisign.com/rpa (c)041.0,
    %VeriSign Class 3 Code Signing 2004 CA
    $
  7. Above tells us that the xpi file is signed with VeriSign and gives a few other details on it.  Now you have your info.  On to the second half of instructions.

ENABLE THE VERFICATION ON CERTIFICATE

  1. Start Firefox (if it isn't already).  This assumes FireFox version 3+ so menu item names below may differ for other FireFox versions but you should be able to browse to something that has a list of certificates (See image below).
  2. Go to Edit -> Preferences.  New panel appears.
  3. On the new panel, click Advanced category followed by the Encryption tab then View Certificates button.
  4. Browse down to VeriSign certificates.  You may see something similar to the below:
    FireFox Security Devices Config - Master Password
  5. Notice in the above image the highlighted certificate "Verisign Class 3 Public Primary Certification Authority" I've chosen.  It matches exactly what we got highlighted in orange earlier in step 6 from first part above.
  6. Click Edit on the highlighted.  You should be presented with three choices:
    This certificate can identify web sites.
    This certificate can identify mail users.
    This certificate can identify software makers.
  7. Check off "This certificate can identify software makers."
  8. Click Ok to save then Ok on other open panels or Save as the case may be and restart FireFox
  9. Try to download your extension again.  The error should be gone.
  10. You're done!
     


SOLUTION 2

Another possibility is to try to disable OCSP (Online Certificate Status Protocol).  Here's how to go about this:

  • Select Edit -> Preferences (Config panel should appear)
  • Click Advanced (Tab / Option )
  • Click Encryption sub Tab.
  • Click Validation button.
  • Uncheck "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates"

Download your file.  All should be well.

Repeat above to reenable OCSP again for other plugins, themes, etc.

Now if I could only remember what I wanted this crazy toolbar for anyway.  😀

Hope you Enjoy!  Cheers!

7 Responses to “Firefox: Firefox could not install the file at ‘URL’ because: Signing could not be verified”

  1. I had the same problem with Adblock Plus. The solution 1 worked for me.

    Thank you very much !

  2. Mee Too , I had problem with adblock install. Thanks for the solution.

  3. ok, not work reality ¬¬

  4. Thanks a load! The second one didn’t work for me (Firefox 3.5.6) but the 1st one did!

    I was trying to install Adblock Plus 1.1.3.

  5. Neither method works on Firefox under OpenSolaris 10 (2009.06) trying to load AdBlocker plus.

  6. I’m thinking it might have to do more with your FireFox version. You could try http://www.sunfreeware.com and see if there is a newer FireFox version available. If there is, you could try the Solaris pkgadd, ( Run man pkgadd to get a list of the other pkg* utilities) to update your Firefox with. I believe the Sun Freeware site might also include instructions on how to update packages.

    Good Luck!

  7. […] Firefox: Firefox could not install the file at ‘URL’ because: Signing could not be verified. […]

Leave a Reply

You must be logged in to post a comment.


     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License