Hi,
I've got an Applocker publisher rule for JDK 1.6.0_45 on a 2012 R2 server. The dll's and exe's are signed by "Sun Microsystems, Inc." but despite the publisher rule, they are still being blocked. When I run the following command:
get-authenticodesignature -filepath "...\java.exe"
I get an UnknownError status - A certificate chain could not be built to a trusted root authority. After a bit of googling, I see there's KB931125 that will update root certificates.
The server is patched using SCCM/WSUS but I can't find 931125 being installed on the server using wmic qfe. Will installing KB931125 be sufficient to resolve this issue? Problem is the updates are for Windows 7, 8 and 8.1. I couldn't find any specifically for servers 2008R2, 2012 and 2012R2.
Thanks.