https://bugs.winehq.org/show_bug.cgi?id=49515
--- Comment #18 from Matthew Toseland toad@amphibian.dyndns.org --- Googling the signer ID suggests that the old Verisign Class 3 certs are needed (which are not only officially withdrawn but signed with SHA1, ugh!). However adding them does not fix the problem. I wonder if it could be something else, e.g. timestamping...