Ask a Question

Advanced Search

Solution ID : SO27022

Last Modified : 05/02/2018

SHA2 Signature Algorithm produces error: "This Certificate has an non valid digital signature" on Windows 2003 Server


When reviewing a certificate, you may see the following error messages:

Certificate signature could not be verified using issuer's certificate.

The integrity of this certificate cannot be guaranteed. This certificate may be corrupted or may have been altered.

This certificate has an nonvalid digital signature.


This problem occurs because the Cryptography API 2 (CAPI2) in Windows Server 2003 does not support the SHA2 family of hashing algorithms. CAPI2 is the part of the Cryptography API that handles certificates.


A supported hotfix is available from Microsoft.

Please visit Microsoft's Knowledge Base article for further information and fixes for this error:

For further compatibility information with SHA2 Signature Algorithm, please review the following solution: SO19176