Why do I receive the message "SekChek's digital certificate is expired or damaged" when I try to enable the PKI features?

---

It is possible that the certificate has expired.

However, the most likely reason is that your system's policies prevent third-party Root CAs from being trusted. This is particularly common on systems that are running MS-Vista.

Try to install SekChek's Root certificate manually, via the Certificate Import Wizard. (double-click on file SekRoot.cer, which is located in SekChek's installation directory)

If your system prevents third-party Root CAs from being trusted, Windows-XP may display one of the following messages:

"An error occurred during the addition of a certificate to the Trusted Root Certification Authorities store."

"The import failed because the store was read-only, the store was full, or the store did not open correctly."

With MS-Vista your system may not display any error message, but the certificate may be installed in your system's Intermediate CA store, instead of the Trusted Root CA store. This may occur even though you explicitly requested the certificate to be installed in the Trusted Root CA store.

The solution is to amend policy to ensure your system trusts SekChek's Root CA (only) or all third-party Root CAs.