File signature could not be verified 11.0.6_en-US.exe [32-bit]


torbrowser-install-11.0.6_en-US.exe [32-bit] - Out of date sig.



Screen grab of cert hosted @

@Tig7, can you verify the signature as described in: How can I verify Tor Browser’s signature?

This can very well be a false positive by the anti-virus/anti-malware software. (ref.

Thanks for the reply @ championquizzer ,

I can’t verify the signature as described in your link, atm.
The SHA-256 for the .exe matches up though @

The problem is the out of date certificate (see screen grab link above).

Not running any anti-virus/anti-malware software, btw.

Thanks for your help.

Where are you seeing this certificate? Thanks!

Have a look here in the x509 Certificates section:

Name           The Tor Project, Inc.
Issuer         DigiCert EV Code Signing CA (SHA2)
Valid From     2017-04-04 00:00:00
Valid To       2020-06-04 12:00:00
Algorithm      sha256RSA
Thumbprint     29643B7AC0003D8A882F8A4A6E064110D96B980B
Serial Number  0F 62 2E F3 1D 0F 1E F9 4E 52 0D BD 7A 43 E5 8C 

I see. Thanks, @atari .

I am afraid, I am not familiar with this, but will bring this to the attention of the Applications Team.

Thanks, @championquizzer and @atari .

Any feedback from the Applications Team, as I’m unable to update to 11.0.6 until the expired certificate in the digital signature of the installer is addressed.


@Tig7, thank you for reporting! The Applications team is aware of the issue and working to have this resolved (cc @boklm).

The issue is being tracked on our bug tracker, here: Re-sign 11.0.6 and 11.5a4 windows builds (#40434) · Issues · The Tor Project / Applications / tor-browser-build · GitLab

1 Like

Hi! Sorry for the delay in fixing this. New .exe files signed with the new certificate have now been uploaded to Index of /torbrowser/11.0.6.

And the next release will be signed with the correct certificate too.


This topic was automatically closed 2 hours after the last reply. New replies are no longer allowed.