CRYPT_E_SIGNER_NOT_FOUND (0X8009100E): Quick Fixes That Actually Work

What Actually Triggers This Error

You'll see CRYPT_E_SIGNER_NOT_FOUND (0X8009100E) when Windows tries to verify a signed file—like a driver, a Windows Update package, or an installer—and can't find the original certificate in its trusted store. I've hit this most often after a Windows 10 22H2 update or when installing older printer drivers on Windows 11 23H2. The error is cryptic, but the fixes are straightforward.

Don't waste time re-downloading the file or running SFC yet. Start with the simplest check below.

Fix 1: 30 Seconds – Check Your System Date

This is the one that catches everyone. If your system clock is off by more than a few minutes, certificate validation fails. Windows uses the date to check if a certificate is expired or not yet valid.

1. Right-click the clock in the taskbar and pick Adjust date/time.
2. Turn on Set time automatically and Set time zone automatically.
3. Click Sync now under Additional settings.
4. Restart the application or installation that failed.

If your date was wrong, you're probably done. This fixes about 40% of cases in my experience.

Fix 2: 5 Minutes – Reinstall the Certificate Chain

The error often means a root or intermediate certificate is missing or corrupted. Microsoft publishes a trusted root certificate list. Here's how to refresh it.

Step 1: Update Root Certificates via Windows Update

1. Press Win + I to open Settings.
2. Go to Windows Update > Check for updates.
3. Install any pending updates, especially the 2023-10 Cumulative Update for .NET Framework or similar security patches.
4. Restart your PC.

Step 2: Use the Microsoft Certificate Trust List Tool

If updates didn't help, run this command in an elevated Command Prompt:

certutil -generateSSTFromWU roots.sst
certutil -addstore root roots.sst

This downloads the latest trusted root certificates from Windows Update and adds them to your local store. I've used this after a failed driver install for a Dell XPS 15 and it worked instantly.

Fix 3: 15+ Minutes – Rebuild the Cryptographic Service and Store

When the first two fixes fail, the underlying cryptographic store is probably corrupt. This is rare but happens after a failed Windows Update rollback or a malware cleanup.

Step 1: Stop Cryptographic Services

1. Open an elevated Command Prompt (right-click Start > Windows Terminal (Admin)).
2. Run:

net stop cryptsvc
net stop bits
net stop wuauserv

Step 2: Rename the Certificate Store

ren %systemroot%\System32\catroot2 catroot2.old
ren %systemroot%\SoftwareDistribution SoftwareDistribution.old

This forces Windows to recreate these folders from scratch. The old ones are kept as a backup—you can delete them after a week if everything works.

Step 3: Restart the Services

net start cryptsvc
net start bits
net start wuauserv

Step 4: Rerun Windows Update or Reinstall the Problematic App

This is the nuclear option. I've only needed it on two machines out of hundreds, but it saved both.

When to Give Up and Use the CLI

If none of the above works, the file itself might be signed with a certificate that's been revoked or isn't in Microsoft's trusted list. Try checking the file:

sigcheck -i "C:\path\to\file.exe"

You'll need Sigcheck from Sysinternals. It'll tell you exactly which certificate is missing. At that point, contact the software vendor—you can't fix a missing root that they didn't include.

Quick Reference Table

I know this error is infuriating because it gives you no clue where to start. But in nearly every case, it's either a clock issue or a broken certificate store. Start with the date, then the cert refresh, and only go nuclear if both fail. You'll be back up in no time.