Recent update causes IE and Edge to erroniously report "The signature of xxxx.msi is corrupt or invalid"

By design Issue #6246005


Jan 20, 2016
This issue is public.
Reported by 0 people

Sign in to watch or report this issue.

Steps to reproduce


Repro Steps:

I am sure you have your own ftp site to try this on but if you want to download my msi and verify it yourself with signtool then here you go:

Expected Results:

IE and Edge should not be telling users that the signature is invalid when in fact it is.

Actual Results:

Dev Channel specific:



0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Sermet I.”

      Changed Assigned To from “Sermet I.” to “IE S.”

      Changed Status to “By design”

    • Hello,

      Thank you for providing this information about the issue. Edge and IE are working as designed; the msi is signed with an SHA1 certificate, which is no longer considered valid. Please refer to for information about this change.

      Best Wishes,
      The MS Edge Team

    You need to sign in to your Microsoft account to add a comment.

    Sign in