Wednesday, March 09, 2016

The Problem
Consume web services (running on HTTPS) in SharePoint and SSL certificate is not registered in SharePoint under TRUST Authority.
Related Errors

  • Web Services: Could not establish trust relationship for the SSL/TLS
  • Server was unable to process request. ---> The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
  • An operation failed because the following certificate has validation errors:Subject Name: Issuer Name: CN=XXXTRUST AuthorityName DV SSL CA - G3, OU=Domain Validated SSL, O=GeoTrust Inc., C=US Thumbprint: 3495DB5381AC3EXXXXXX9  Errors:   PartialChain: A certificate chain could not be built to a trusted root authority.  RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.  OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.  . 1b31659d-b408-b0d3-ae61-808af97de845

Note: These errors are applicable to other web applications as well and are not limited to SharePoint.

ResolutionTo overcome this error, you need to add the certificate(of Web Service Running on SSL) to SharePoint Manage Trust Authority. 

Downloading the Certificate:
First Step is to down the certificate of web service.1) Open Web service in Browser. 2) Click the Lock in address bar if you are using chrome, its on right hand side if you are using I.E
3) Click View Certificate 
4) Add a new Certificate

2) Click Details

4) Select Certification Path-> Select the top level Certification Path (STEP 1)->View Certificate (SEP 2)->Details tab->Copy to File(Step 3) -> Next -> Select the format as DER encoded binary X.509 (.CER)

Repeat Step 4 for Top level certificate and levels below it (LEVEL 1 &2 in this case)

By Now you should have certificate files (2 files in this example) on your local machine in .cer format.

Add Certificate to SharePoint

1) Open SharePoint Central Admin
2) Click Security
3) Under General Security select Manage Trust

5) Select the certificate which you have saved in previous step, Repeat this for all downloaded certificates. (2 Certificates in this example)

No comments: