I am trying to update Novell Client on our Windows 7 workstations, using a Zenworks bundle. This method has worked in the past: copy the installation files to c:\temp\zeninstall\clnt2sp3ir5 (including appropriately modified NovellClientProperties.txt and install.ini) and then just launch "setup.exe /ncpf" as secure system user.

This time I noticed that the new client was only partially installed. When viewing Novell Client properties it shows the new version, however, some files are definitely from the previous client version (for example C:\Windows\System32\lgnwnt32.dll).

I dug up c:\windows\inf\setupapi.dev.log and it seems that installation was aborted due to "unsigned driver package":
     sto:                Validating driver package files against catalog 'netnvcli.cat'.
!!!  sto:                Driver package signer is unknown. Assuming untrusted signer. Error = 0x800F0242
!!!  ndv:                Driver package failed signature validation. Error = 0xE0000242
     sto:           {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE exit(0xe0000242)} 12:37:47.960
!!!  sto:           Driver package failed signature verification. Error = 0xE0000242
!!!  sto:           Failed to import driver package into Driver Store. Error = 0xE0000242
     sto:      {Stage Driver Package: exit(0xe0000242)} 12:37:48.225
!!!  sto:      Failed to stage driver package to Driver Store. Error = 0xE0000242, Time = 6521 ms
     sto: {Import Driver Package: exit(0xe0000242)} 12:37:49.973
     inf: Opened INF: 'c:\temp\zeninstall\novell_client\c2sp3ir5\netnvcli.inf' ([strings])
!    inf: Add to Driver Store unsuccessful
!    inf: Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted.
!!!  inf: returning failure to SetupCopyOEMInf
<<<  Section end 2014/02/11 12:37:51.439
<<<  [Exit status: FAILURE(0xe0000242)]
If I run the installation manually, I am prompted at one point about unsigned driver and whether I want to install it. If I answer "yes", the installation is successful.

Looking at Windows' certificate store on our computers, I see under "Trusted Publishers" a certificate issued to Novell, Inc by "Verisign Class 3 Code Signing 2009-2 CA", but that certificate expired on 27.04.2013.

How can I obtain and deploy the certificate that would allow the silent installation of Novell Client 2 SP3 IR5 to proceed? Or am I going about this in an entirely wrong way?