Windows Certificate Requirements for Synopsys Products

Windows OS Only:  Most Synopsys products for the Windows platform are "signed" and require Windows security certificates for binary verification and validation.  This helps to ensure that you are using secure and untampered Synopsys binaries. 

If the required certificates are not installed, or are expired,

  • You will be unable to start the products (SCL license server or tools). 
  • You will receive a post-installation (end of installation) error message regarding the missing or expired certificates. For example, you might see an error like this:
missing or expired certificates

  • For Synopsys Common Licensing, you will not see a post-installation error message but will be unable to start the SCL server.  In the debug log, you will see one of these errors: 
    snpslmd exited with status 255 () -OR- Error Code: 501 

Required Certificates

For signed Windows-based products, the required certificates include:

  • Sectigo RSA Time Stamping CA
  • UTN-USERFirst-Object
  • USERTrust RSA Certification Authority
  • VeriSign Class 3 Public Primary Certification Authority - G5
  • VeriSign Universal Root Certification Authority

Checking Host Machine for Missing Certificates

If your host machine is a license server running the Synopsys Common Licensing server software, you can determine if your machine has the required certificates by running the whatscl.exe command-line utility included with SCL.  For example:

C:\Synopsys\SCL\2018.06-SP1\win32\bin> whatscl.exe --check-cert

Certificate details required by Synopsys tools on winserver:

  - Required Certificates are installed on this machine

If certificates are expired or missing, you will see an error that describes the certificate(s) that need to be installed.  For example, you might see

Certificate details required by Synopsys tools on winserver:

  - Some of the required Certificates are not installed on this machine

  - Please update the following Certificate(s) from Windows Update Manager

(1)VeriSign Universal Root Certification Authority

(2)VeriSign Class 3 Public Primary Certification Authority - G5


(4)USERTrust RSA Certification Authority

Resolving Certificate Errors

To resolve any certificate errors regarding missing or expired certificates, you must download and install / update the required certificates. 

Important:  The required Windows certificates must be installed only as trusted root certificates.

Downloading Required Certificates

The required certificates are normally installed automatically by Microsoft. If certificates are missing, they may be obtained from the links below.

More Information

For more information on downloading and installing the required certificates, including information on exporting and importing the certificates from another machine, download the Resolving Windows Certificate Errors document.