Synopsys Cloud
Cloud native EDA tools & pre-optimized hardware platforms
Request a Free Trial →
Windows Certificate Requirements for Synopsys Products
Windows OS Only: Most Synopsys products for the Windows platform are "signed" and require Windows security certificates for binary verification and validation. This helps to ensure that you are using secure and untampered Synopsys binaries.
If the required certificates are not installed, or are expired,
- You will be unable to start the products (SCL license server or tools).
- You will receive a post-installation (end of installation) error message regarding the missing or expired certificates. For example, you might see an error like this:
- For Synopsys Common Licensing, you will not see a post-installation error message but will be unable to start the SCL server. In the debug log, you will see one of these errors:
snpslmd exited with status 255 () -OR- Error Code: 501
Required Certificates
For signed Windows-based products, the required certificates include:
- Sectigo RSA Time Stamping CA
- UTN-USERFirst-Object
- USERTrust RSA Certification Authority
- VeriSign Class 3 Public Primary Certification Authority - G5
- VeriSign Universal Root Certification Authority
Checking Host Machine for Missing Certificates
If your host machine is a license server running the Synopsys Common Licensing server software, you can determine if your machine has the required certificates by running the whatscl.exe command-line utility included with SCL. For example:
C:\Synopsys\SCL\2018.06-SP1\win32\bin> whatscl.exe --check-cert
Certificate details required by Synopsys tools on winserver:
- Required Certificates are installed on this machine
If certificates are expired or missing, you will see an error that describes the certificate(s) that need to be installed. For example, you might see
Certificate details required by Synopsys tools on winserver:
- Some of the required Certificates are not installed on this machine
- Please update the following Certificate(s) from Windows Update Manager
(1)VeriSign Universal Root Certification Authority
(2)VeriSign Class 3 Public Primary Certification Authority - G5
(3)UTN-USERFirst-Object
(4)USERTrust RSA Certification Authority
Resolving Certificate Errors
To resolve any certificate errors regarding missing or expired certificates, you must download and install / update the required certificates.
Important: The required Windows certificates must be installed only as trusted root certificates.
Downloading Required Certificates
The required certificates are normally installed automatically by Microsoft. If certificates are missing, they may be obtained from the links below.
- Comodo (UTN-USERFirst-Object):
https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/961/0/kmcs-utn-userfirst-object - USERTrust RSA:
http://www.tbs-x509.com/USERTrustRSACertificationAuthority.crt - VeriSign (DigiCert) certificates:
https://www.websecurity.digicert.com/theme/roots - Sectigo RSA Time Stamping:
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt
More Information
For more information on downloading and installing the required certificates, including information on exporting and importing the certificates from another machine, download the Resolving Windows Certificate Errors document.