
SharePoint 2010: The root of the certificate chain is not a trusted root authority

Problem: The root of the certificate chain is not a trusted root authority.

Event Log Error


An operation failed because the following certificate has validation errors:

Subject Name: CN=<Certificate URL>, OU=Domain Control Validated, O=<Certificate URL>
Issuer Name: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
Thumbprint: xxxxxxxxxxxxxxxxxxxxxx

Errors:

 The root of the certificate chain is not a trusted root authority.

The underlying problem is that your SSO application is unable to establish trust with the SharePoint 2010 site.


Common mistake: When implementing SSL on a SharePoint site, most developers add only the main certificate, i.e. the one for <Site URL>, to "Manage Trust" under SharePoint Security. Without the rest of the chain, the SharePoint site cannot establish trust with the SSO site.

Solution: First look at the hierarchy of the certificate. Checking the hierarchy is very simple.



Open the site in the browser. In this example I opened Google.com in the Google Chrome browser.

Follow these steps.

1. Click Certificate Information.

2. Click the Certification Path tab. It shows the hierarchy of the certificate; in the screenshot the three levels are marked 1, 2 and 3 in red.


3. Next, download all three certificates and name them "RootCert", "Intermediate Certs" and "PassiveSigninSTS" (the main certificate).

4. On the Details tab, click Copy to File. The following screen appears; click Next.

5. Save each certificate to your disk in the "DER encoded binary X.509 (.CER)" format.



6. Add all three certificates in SharePoint Central Administration, under Security, in the "Manage Trust" section.

7. You can then see the RootCert, Intermediate Certs and PassiveSigninSTS certificates listed.

8. In the image above, "local" is the default certificate. To add a certificate, click New, give the certificate a name, specify its location on your disk, leave the default settings and press OK.
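Steps 6 to 8 can also be scripted. The following is an added example, not code from the original post: it loads the three exported files, checks that they were exported in the right order (root, intermediate, main), and registers each one in Manage Trust with the SharePoint 2010 cmdlets `Get-SPTrustedRootAuthority` and `New-SPTrustedRootAuthority`. The `C:\Certs` folder and the file names are assumptions.

```powershell
# Added example (not from the original post). Run in the SharePoint 2010
# Management Shell as a farm administrator.
# ASSUMPTION: the three .cer files from steps 3-5 were saved under C:\Certs.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Ordered from the root down to the main certificate.
$files = @(
    @{ Name = 'RootCert';           Path = 'C:\Certs\RootCert.cer' },
    @{ Name = 'Intermediate Certs'; Path = 'C:\Certs\IntermediateCerts.cer' },
    @{ Name = 'PassiveSigninSTS';   Path = 'C:\Certs\PassiveSigninSTS.cer' }
)

$chain = @()
foreach ($f in $files) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $f.Path
    $chain += New-Object PSObject -Property @{ Name = $f.Name; Cert = $cert }
}

# Sanity check on the export order: each certificate must name the one above
# it as issuer, and the root must be self-issued. This compares names only; it
# does not verify signatures.
if ($chain[0].Cert.Subject -ne $chain[0].Cert.Issuer) {
    throw "RootCert is not self-issued: $($chain[0].Cert.Subject)"
}
for ($i = 1; $i -lt $chain.Count; $i++) {
    if ($chain[$i].Cert.Issuer -ne $chain[$i - 1].Cert.Subject) {
        throw "'$($chain[$i].Name)' was not issued by '$($chain[$i - 1].Name)'"
    }
}

# Register every certificate that Manage Trust does not already hold.
$trusted = @(Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint })
foreach ($c in $chain) {
    if ($trusted -contains $c.Cert.Thumbprint) {
        Write-Host "Already trusted: $($c.Name) [$($c.Cert.Thumbprint)]"
    } else {
        New-SPTrustedRootAuthority -Name $c.Name -Certificate $c.Cert | Out-Null
        Write-Host "Added: $($c.Name) [$($c.Cert.Thumbprint)]"
    }
}

# Equivalent of the Manage Trust list in step 7.
Get-SPTrustedRootAuthority |
    Select-Object Name, @{ n = 'Subject'; e = { $_.Certificate.Subject } }
```

The thumbprints printed for the root and intermediate can be compared with the values the issuing CA publishes before relying on the new trust entries.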


