SharePoint Certificate errors
This article introduces some tools and practices that I’ve seen useful for tackling SharePoint 2010 errors arising from SSL Certificates. The main reason for writing this article is the “The root of the certificate chain is not a trusted root authority” – error.
Let’s first take a look at a useful tool for solving certificate errors. Windows has built in a very good SSL certificate error log called CAPI2. This can be enabled under Application and Services Logs -> Microsoft -> CAPI2 by left clicking “Operational” and pressing “Enable Log”.
Two most common errors in CAPI2 log seems to be errors in Certification Revocation Lists (CRL) and untrusted root certificate chains. Let’s take a look at how one could solve these problems.
Certificate revocation list errors
To make sure that the SSL certificates are valid windows checks for CRL. By default it will try to access this list for 15 seconds. If the list cannot be accessed the process is continued normally.
In SharePoint CRL problems may occur for example as long loading times (especially if the page is not used frequently), broken functionalities, etc.
CRL access errors can be solved by a few quite easy steps:
1. In CAPI2 open error event in Details / XML view and find what CRL (Certificate Revocation List) URL the server is trying to access.
2. You basically have two options for solving this:
- a. Enable access to the CRL address. If you can connect to the Internet via a proxy, you can first configure proxy settings in Internet settings panel and then run:
netsh winhttp import proxy ie
- b. Disable certificate revocation list check (not recommended) How to Disable CRL Checking
Untrusted root authority or broken certificate chain error in SharePoint
1.Let’s first make sure that you have the proper error.
- a. Open Management console and add certificate snap in.
- b. Expand Certificates -> SharePoint -> Certificates and open one of the certificates included in that folder.
- c. On the Certification Path -tab should look like as in the following figure.
2. OK, so let’s fix this problem. The problem by the way is that these certificates are issued by a certificate authority which is not trusted.
- a. First we must export the root certificate from SharePoint by using the following PowerShell commands:
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content C:\FarmRoot.cer -Encoding byte - b. Then import the SharePoint root certificate to trusted root authorities
3. If all went well the certificates under SharePoint certificate store should look like in the following figure.
Allthought we have focused on SharePoint 2010 in this blog post these tools and practices can alse been applied for many other software running on Windows platform.
Popularity: 8% [?]
Hola from Chile, I had a certificate problem with a client’s SharePoint environment a while ago. The site stopped responding and SharePoint was throwing “certificate expired” errors in Windows log. In this case the solution was (embarrassingly) simple: the server had the date and time set wrong – nobody admits having changed it -, and it caused the certificate to be invalid. It was a simple solution but it took me a while to solve it because nothing in the logs indicated that it was a date/time issue.
This proves that it’s very important to have a up to date list that includes informtion about: the certificates that your company own, expiration dates and servers on which these certificates are installed to.
Goood! Regards
I drop a leave a response whenever I appreciate
I actually do have some questions for you if you don’t
And, if you are posting on additional sites, I’d like
a post on a website or if I have something to valuable to contribute to the conversation. Usually it is caused by the passion communicated in the
post I read. And after this article SharePoint Certificate errors | SharePoint Blues.
I was moved enough to drop a thought
mind. Could it be only me or do some of these remarks come across as if they are left by brain dead
people?
to follow you. Would you make a list the complete urls of your
community sites like your linkedin profile, Facebook page or twitter feed?
my blog post … florida medical marijuana
Its like you read my mind! You appear to know a lot about this,
like you wrote the book in it or something.
I think that you could do with some pics to drive the
message home a bit, but instead of that, this is magnificent blog.
An excellent read. I will definitely be back.
Also visit my web site … coarse fishing equipment
For hottest information you have to visit the
web and on web I found this site as a best web site for hottest updates.
You ought to be a part of a contest for one of the best sites
on the internet. I will highly recommend
this site!
Hi there it’s me, I am also visiting this web site
on a regular basis, this website is genuinely good and the users are
genuinely sharing nice thoughts.
I feel this is among the so much important information for me.
And i’m glad reading your article. But wanna commentary on few
basic things, The website taste is great, the articles is really great :
D. Good job, cheers
This is a really good tip especially to those new to the
blogosphere. Short but very accurate info… Many thanks for sharing this one.
A must read post!
UNWTO secretary-general Taleb Rifai said: ??International tourism is set to end 2014 with record numbers.Tourism numbers have shown almost continued growth over the past six decades ?C from 25 million in 1950 to 278 million in 1980, This is standard throughout the insurance industry. I phoned the debt collector, But if he bumps into it,According to an eyewitness,100Car hire: ?France also,And a new EU proposal emerged to increase the size of health warnings from 50 per cent to 75 per cent of packaging – although this has been watered down with an increase in size to 65 per cent now being touted. That works.
com he has backed down. which was the original UK publisher of To Kill A Mockingbird. Street circuits are fun. who are led by Rosberg,Neither my father nor I ever thought of questioning this meaningless diagnosis. she went under and allowed it to take over.We’ve been following the progress of the Wales football team in camp. . who looked ravishing in her bridal dress and sensationally expensive Jimmy Choos. but my wife and I came to an unspoken agreement when we went to the altar 34 years ago: when it came to decision-making.
it is celebratory but far from soppy.5. but as the weeks and months passed they realised this time it was for real. buckwheat and beetroot risotto.Others will have different rules about when you can retire or what protection is available to your dependents.It??d be worth asking all your pension providers to give you an up to date statement if you haven??t one already and a copy of their scheme booklet outlining how their scheme works and what benefits are payableAll will be able to tell you how much can be transferred to another plan This isn??t a decision you have to take now In most cases you will be allowed up to one year before your normal retirement date to transfer if this is what you plan to doThere can be lots of things to take account of when considering transferring a pension For help and guidance ring the Pensions Advisory Service helpline on 0300 123 1047Danny Cox independent financial adviser at Hargreaves Lansdown adds: Consolidating old pensions is very common and makes managing them much easier and in some cases cheaper depending upon the type of pensionTransfers can be very straightforward What is important is to check the value of any guarantees you might be giving up and the costs of transferringIf you join a new employer consider transferring your pensions to your new company scheme The scheme administrators will be able to help you with thisThe alternative is a private pension scheme such as a low cost SIPP These provide the best combination of low cost investment choice online access and ease of managementA financial adviser will probably charge between one and two per cent of the value of your pensions to advise you on a transfer ie 500 for every 25000 of valueAssessment of a final salary pension transfer will be more expensive around 1000 but this is worth paying if you are unsure Always seek the advice of an independent financial adviser I would appreciate the help of your experts.’I was appalled and asked them why they did this to the surviving cats,’The vast majority of these animals are stolen pets or illegally imported from other countries as with these cats.’Fellow Tory Nadine Dorries said it was an ‘arrogant,‘What matters most is that children are getting the best quality education they can.I once had a riding teacher whose motto,Helen.
yo
Hello everybody, here every one is sharing these kinds of know-how, therefore it’s fastidious to read this website, and I
used to visit this web site everyday.
What’s up,I check your blogs named “SharePoint Certificate errors | SharePoint Blues” daily.Your writing style is awesome, keep up the good work! And you can look our website about powerful love spells.
I see you don’t monetize your blog, don’t waste
your traffic, you can earn additional cash every month
because you’ve got high quality content. If you want to know how to make extra $$$,
search for: Mertiso’s tips best adsense alternative
Hi,I log on to your blogs named “SharePoint Certificate errors | SharePoint Blues” like every week.Your writing style is awesome, keep it up! And you can look our website about proxy list.
It’s truly a nice and helpful piece of information.
I’m satisfied that you simply shared this useful information with
us. Please stay us informed like this. Thank you for
sharing.
Wonderful, what a webpage it is! This weblog gives valuable data to us, keep it
up.
This has been posted 2012, I hope the solution still works for modern errors of share point.
Woa, thanks a lot for sharing this. This errors are pretty persistent for some users.
I’m so glad I cam here, this is so amazing! Thanks for sharing this information
You did a great job! Thanks for posting this great article
Great article! Thanks
Я не могу воздержаться и не прокомментировать.
Исключительно хорошо написано!
CAPI2 in Windows can help you with certificate errors.
This is great! Thanks for sharing this fix!
Thanks for posting this solution! Keep it up!
Amazing article! Thanks for sharing this certifiicate error solution. https://sidingashburnva.com
An excellent post, congratulations !!
Yuo must to try sex treffen mainz for your own free sexy chat experience with local girls!
This is great!
Spend some time in sexy chat with hot young ladies at oma sextreffen and you will not regret it!
Very good article, thanks
I personally got good results with https://zeep.ly/gqHec
I recommend them, they are very good.
I definitely loved every little bit of it – sie sucht ihn sex dresden! You need to try too!
This issue occurs because of the Alternate access mappings setting on the SharePoint server. When SharePoint servers are on the same network as Outlook, the Intranet Zone mapping in SharePoint takes precedence over the Default mapping.
Check out the world’s best site for selling opal rings opal magic
Very informative article. Such an amazing and helpful post.
vent hood installation services
One of the most helpful articles I came across. than you so much.
https://www.doggroominglancasterca.com/
Vos filles trans adorées vous attendent sur le site travestie. Venez ici maintenant et discutez avec eux !
Il n’y a qu’un seul endroit idéal pour discuter avec de vraies vieilles cochonne, alors ne perdez plus de temps et consultez cette page maintenant
sex in bern Best sex in country!!!!
If you want to find out something about fine ladies in EU you must check Sexkontake in Köniz
I like every piece of your blog. Thank you so much for posting this. Escape 1500-I Wood Insert Trio