Internet Explorer shows valid certificate as "corrupt or invalid signature"

Microsoft released a security update on January 12th 2016. This update has changed the way Windows enforces authenticode code signing and timestamping.

If your code signing certificate has a SHA1 signature, anything signed with such a certificate after the end of 2015 was being flagged as an invalid signature. So you will need to have your certificate re-issued to meet the new requirements.

Take a look at this article: Renew your Windows code signing certificates by December 31, 2015.

I've discovered through trial and error that this is caused by a Windows update that breaks IE:

Cumulative Security Update for Internet Explorer (2870699) - published Sept. 10, 2013

http://support.microsoft.com/kb/2870699

http://technet.microsoft.com/en-us/security/bulletin/ms13-069

I installed all of the latest updates and was able to reproduce the problem. I then uninstalled this single update and it fixed the problem. I then reinstalled the update and it was broken again.

This is bad!