SharePoint Certificate errors

January 9 2012 75 comments

This article introduces some tools and practices that I’ve seen useful for tackling SharePoint 2010 errors arising from SSL Certificates. The main reason for writing this article is the “The root of the certificate chain is not a trusted root authority” – error.

Let’s first take a look at a useful tool for solving certificate errors. Windows has built in a very good SSL certificate error log called CAPI2. This can be enabled under Application and Services Logs -> Microsoft -> CAPI2 by left clicking “Operational” and pressing “Enable Log”.
CAPI2 Log
Two most common errors in CAPI2 log seems to be errors in Certification Revocation Lists (CRL) and untrusted root certificate chains. Let’s take a look at how one could solve these problems.

Certificate revocation list errors
To make sure that the SSL certificates are valid windows checks for CRL. By default it will try to access this list for 15 seconds. If the list cannot be accessed the process is continued normally.
In SharePoint CRL problems may occur for example as long loading times (especially if the page is not used frequently), broken functionalities, etc.
CRL access errors can be solved by a few quite easy steps:
1. In CAPI2 open error event in Details / XML view and find what CRL (Certificate Revocation List) URL the server is trying to access.CRL error
2. You basically have two options for solving this:

  1. a. Enable access to the CRL address. If you can connect to the Internet via a proxy, you can first configure proxy settings in Internet settings panel and then run:
    netsh winhttp import proxy ie
  2. b. Disable certificate revocation list check (not recommended) How to Disable CRL Checking

Untrusted root authority or broken certificate chain error in SharePoint
1.Let’s first make sure that you have the proper error.

  1. a. Open Management console and add certificate snap in.
  2. b. Expand Certificates -> SharePoint -> Certificates and open one of the certificates included in that folder.
  3. c. On the Certification Path -tab should look like as in the following figure.

2. OK, so let’s fix this problem. The problem by the way is that these certificates are issued by a certificate authority which is not trusted.

  1. a. First we must export the root certificate from SharePoint by using the following PowerShell commands:
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert") | Set-Content C:\FarmRoot.cer -Encoding byte
  2. b. Then import the SharePoint root certificate to trusted root authorities

3. If all went well the certificates under SharePoint certificate store should look like in the following figure.

Allthought we have focused on SharePoint 2010 in this blog post these tools and practices can alse been applied for many other software running on Windows platform.

Popularity: 8% [?]

75 comments to “SharePoint Certificate errors”

  1. cerebral says:

    Cerebral Palsy Lawyers Tools To Help You Manage Your Daily
    Life Cerebral Palsy Lawyers Trick That Every
    Person Should Know cerebral

  2. 15 Best Pinterest Boards Of All Time About Cheap Couches For Sale best places to buy couches (http://www.longisland.com)

  3. Ten Locksmith For Cars That Really Make Your Life
    Better Mobile locksmith car – zsunme.cafe24.Com
    -

  4. Near me says:

    15 Interesting Facts About Designer Handbags Beige That You Didn’t Know Near me

  5. Kristie says:

    This Is What Double Glazed Units Near Me Will Look Like In 10
    Years replacement double glazed units near me (Kristie)

  6. 10 Things Everyone Hates About Boat Accident Attorneys washington Boat Accident attorney (Https://vimeo.com)

  7. Kbfa.net says:

    What’s The Current Job Market For Double Glazed Window Repairs Professionals Like?
    double glazed window repairs (Kbfa.net)

  8. You’ll Be Unable To Guess Motorcycle Accident Settlement’s Secrets motorcycle Accident

  9. Its History Of Top Accident Attorney injury attorneys in New jersey; macleod-macmillan.hubstack.net,

  10. csgo says:

    Why Do So Many People Want To Know About Case Battle CS GO?
    csgo

  11. 5 Killer Quora Answers On Nespresso Machines Compared Nespresso machines Compared

  12. Vimeo.Com says:

    Why Car Accident Lawsuit Isn’t As Easy As You Think Vimeo.Com

  13. injury says:

    See What Injury Claim Tricks The Celebs Are Making Use
    Of injury

  14. Regan says:

    9 . What Your Parents Taught You About Upvc Window Repairs window repairs
    (Regan)

  15. What’s Holding Back In The Chest Freezer For Outbuilding
    Industry? Industrial Freezers

  16. Joan says:

    Why We Why We Cheap Online Electronics Shopping Uk (And You Should
    Too!) Hdpe Produce Bags (If The Bags Are Made Of High-Density Polyethylene) (Joan)

  17. Nigel says:

    You’ll Be Unable To Guess Double Glazed Units Near Me’s Secrets double glazed units near me (Nigel)

  18. law says:

    5 Lessons You Can Learn From Birth Defect
    Case law

  19. The 10 Most Terrifying Things About Wood Burner Stoves Uk Wood Burner Stoves Uk

  20. You’ll Never Be Able To Figure Out This Cost Of Ghost Immobiliser’s
    Tricks cost of ghost immobiliser

  21. Rhys says:

    What Is The Reason Why Mesothelioma Claim
    Are So Helpful In COVID-19? mesothelioma settlement (Rhys)

  22. 10 Reasons You’ll Need To Know About Motorcycle Accident
    Attorney Motorcycle accidents

  23. Auto Accident Settlement Tools To Streamline Your Daily Life Auto Accident Settlement Trick
    That Everyone Should Be Able To auto accident

  24. Charissa says:

    A Proactive Rant About Accident Injury Attorney accident attorney boise idaho; Charissa,

  25. hudson Asbestos Lawyer victims seek compensation from
    companies responsible for asbestos exposure. Personal
    injury and wrongful-death claims are used to achieve this.
    A lawyer with experience can assist victims and their
    families through the process.

Leave a Reply