How to resolve error 0x800b010a “Unable to verify the certificate chain”

Working with cryptographic utilities (CryptoPro, etc.) that use cryptographic protection tools and electronic signatures, users often encounter problems in creating an electronic document attribute. One of the frequent failures is an error with the code 0x800b010a and the description of the malfunction “Unable to verify the chain of certificates.” A problem arises under various conditions, for example, in the process of registering on a public procurement website or using a generated EDS in signing documents.

Fixing the error "Unable to verify the chain of certificates"

The solution to the problem directly depends on the cause of its occurrence, and therefore we will consider ways to eliminate the trouble, effective depending on the provoking factor.


Causes of a certificate conflict

The error is related to the incorrect use of digital signature keys and certificates, so it may appear regardless of the web resource you are working with. Face the notification “Unable to build a certificate chain for the trusted root authority. (0x800b010a)” (the text may differ, but does not change the essence of the question) is possible for the following reasons:

  • there is no access to the certification authority (CA), from where you can download the required certificate;
  • the required certificate is not in the store;
  • the certificate is missing or invalid (expired);
  • a failure in the program caused by outdated components and indicating the need to update the software;
  • unstable connection.

So, in the text of the error notification, the cause of the problem is reported – the certificate chain cannot be built, because one or more of them are not available (missing, incorrectly installed or out of date).

Error "Unable to verify certificate chain"

ATTENTION. Normal operation is carried out provided that the root (head), intermediate and personal certificates are installed. 

Fix crash 0x800b010a

If this problem occurs, the electronic signature will become invalid, and you will not be able to sign the file with it. Failure can occur under various conditions, on which the solution will depend.

Since the error with the code 0x800b010a and the explanation “Unable to build a certificate chain for the trusted root authority” or another description, for example, “Error calculating the signature”, occurs due to the impossibility of building elements, the main task is to check all participating links and restore chains. Let us consider in more detail how to fix the problem in different ways, relevant in a particular case.

IMPORTANT. The computer must have a version of the system not lower than Windows 7 and a stable Internet connection.

Checking deadlines

In some cases, the problem is caused by expired certificates. If you did not update them in a timely manner and did not request fresh keys, then the solution is to view the details and select the currently up-to-date certificate. To do this, select the desired one from the list and click the “View” button. The required information is available on the General tab. If necessary, we update, and if there is no trust, we install it in the correct directory. The impossibility of tracking the path to the trusted center indicates a violation of the common chain, probably intermediate certificates are not installed.

Validity period in CryptoPro

Checking for the presence of the main GTC

If the error is still bothering you, move on to the next troubleshooting option. In addition to checking the validity of the keys, it is also important to make sure that the master key of the PAC is present, which is the first and main link in the serial chain of certificates.

We perform the following manipulations step by step:

  • launch the CryptoPRO directories using “Start”, go to the “Certificates” section;
  • here we open “Current user” – “Personal” – “Registry” – “Certificates”; Going to the properties of certificates in CryptoPRO
  • we find an incorrect key (usually problematic objects are marked with a red cross), in its properties we select the item “Certification path”; Certification Path section in CryptoPRO
  • if not available, download from the official resource (install the certificate); Button "Install certificate" in CryptoPRO
  • installation takes place in the standard way through the installation wizard, during the procedure we specify the key storage – the directory “Trusted Root Certification Authorities”, after which we complete the import by confirming the action; Certificate Import Wizard in CryptoPRO
  • using a similar method, we check the PAK key “UC 1 IS GUTs” and “UC 2 IS GUTs”. If necessary, you can also download them from the official website by sending them to the Intermediate Certification Authorities repository. Completing the import of certificates in CryptoPRO
IMPORTANT. When installing the certificate of the Head CA, you should upload it to the “Trusted Root Certification Authorities” folder, the personal one is located in the “Personal” directory, and the rest – to the “Intermediate Certification Authorities”.

CryptoPro Verification

If the internal failure has not been resolved, you can try to reinstall CryptoPRO by completely removing the software from the computer and installing the latest version:

  • go to the Control Panel snap-in in any convenient way, for example, using a shortcut on the desktop (if available), from the Start menu or using the Run console (Win + R) and the Control command; Executing a Control Command
  • select the item “Uninstall a program” (section “Programs”); Section "Uninstalling a program"
  • find the desired application in the list and click “Delete”, restart the computer. An alternative is to use the Settings snap-in (in Windows 10). In the “System” section, there will be a subsection “Applications and Features”, where, by analogy with the “Control Panel”, you can find the program and delete it by pressing the appropriate button; Uninstalling the CryptoPro program
    ADVICE. The CryptoPRO resource also offers to download a special utility for cleaning product installation traces, we recommend using it, then reboot the device again and start installing the software.
  • on the CryptoPRO website, go to the Download Center (section “Download”) and select the appropriate distribution kit. Download and install the software in the standard way. Installing the CryptoPro program

When working in test mode, we recommend that you also check the correctness of the specified Time Stamp Service (TSP) address.

Support on the site can also help in solving problems with the functioning of the CryptoPRO program and other products.

Leave a Reply

Your email address will not be published. Required fields are marked *