New Azure CosmosDB Emulator v2.14.17 published? Now signature verification fails. ⚠️ A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

[aluty]

New Azure CosmosDB Emulator v2.14.17 published? Now signature verification fails.  

Get-AuthenticodeSignature -FilePath "$env:USERPROFILE\Downloads\azure-cosmosdb-emulator-2.14.17-ae439f25.msi"

SignerCertificate      : [Subject]
                           CN=Microsoft Azure Code Sign

                         [Issuer]
                           CN=AME CS CA 01, DC=AME, DC=GBL

                         [Serial Number]
                           36000001DF73819716BE32FD0D0002000001DF

                         [Not Before]
                           1/19/2024 5:33:44 PM

                         [Not After]
                           1/18/2025 5:33:44 PM

                         [Thumbprint]
                           1226440E939A24EB202C2A517CE13F8326EFDE60

TimeStamperCertificate : [Subject]
                           CN=Microsoft Time-Stamp Service, OU=nShield TSS ESN:7F00-05E0-D947, OU=Microsoft America Operations, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                         [Issuer]
                           CN=Microsoft Time-Stamp PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                         [Serial Number]
                           33000001F02A7C1D593BE61FAD0001000001F0

                         [Not Before]
                           12/6/2023 10:45:51 AM

                         [Not After]
                           3/5/2025 10:45:51 AM

                         [Thumbprint]
                           C228064A2AFE65B1D0B6CA8306298890CBBF69FF

Status                 : UnknownError
StatusMessage          : A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Path                   : $env:USERPROFILE\Downloads\azure-cosmosdb-emulator-2.14.17-ae439f25.msi
SignatureType          : Authenticode
IsOSBinary             : False

Comparing with previous version, Certification path 2.14.16 --> 2.14.17

Microsoft Root Certificate Authority 2011 --> ameroot
    Microsoft Code Signing PCA 2011 --> AME CS CA 01
        Microsoft Corporation --> Microsoft Azure Code Sign

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 5fdb4950-6ebf-979a-ec1d-8edf7858db71
• Version Independent ID: 46e9cb49-6b34-e355-b552-9b293c38814c
• Content: Release notes for the Windows (local) emulator - Azure Cosmos DB
• Content Source: articles/cosmos-db/emulator-release-notes.md
• Service: cosmos-db
• GitHub Login: @sajeetharan
• Microsoft Alias: sasinnat

[PesalaPavan]

@aluty Thanks for your feedback! We will investigate and update as appropriate.

[AjayBathini-MSFT]

@aluty Thank you for your feedback! I'd recommend working closer with our support team via an [Azure support request] (https://docs.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request). Or you can leverage our Q&A forum by posting your issue there so our community, and MVPs can further assist you in troubleshooting this issue or finding potential workarounds. [Teams Q&A forum] (https://docs.microsoft.com/en-us/answers/topics/46488/office-teams-windows-itpro.html) for technical questions about the configuration and administration of Microsoft Teams on Windows. [Microsoft Teams Community forum] (https://answers.microsoft.com/en-us/msteams/forum?sort=LastReplyDate&dir=Desc&tab=All&status=all&mod=&modAge=&advFil=&postedAfter=&postedBefore=&threadType=All&isFilterExpanded=false&page=1) Thank you for your time and patience throughout this issue.

[aluty]

Verified signing fixed in version 2.14.18

Get-AuthenticodeSignature -FilePath "$env:USERPROFILE\Downloads\azure-cosmosdb-emulator-2.14.18-e2d1bbf7.msi" | Format-Table -AutoSize

SignerCertificate                        Status Path                                        
-----------------                        ------ ----                                        
C2048FB509F1C37A8C3E9EC6648118458AA01780 Valid  azure-cosmosdb-emulator-2.14.18-e2d1bbf7.msi