{"id":1023,"date":"2012-03-13T21:26:50","date_gmt":"2012-03-14T04:26:50","guid":{"rendered":"http:\/\/blog.brainlitter.com\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/"},"modified":"2012-03-13T21:26:50","modified_gmt":"2012-03-14T04:26:50","slug":"sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel","status":"publish","type":"post","link":"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/","title":{"rendered":"SharePoint 2010 and Cert Trust &#8211; Could not establish trust relationship for the SSL\/TLS secure channel"},"content":{"rendered":"<p>This one has come up enough that I figured I\u2019d try and help folks get to the quick resolution of it. It presents itself in a number of scenarios but it also seems clear that folks aren\u2019t sure what certs they should be trusting so I\u2019m going to try to simplify the fix\u2026<\/p>\n<h1>The Issue<\/h1>\n<p>As mentioned, this comes up in several places, including InfoPath web forms trust and digital certificates, Performance Point, etc. and in the ULS, it typically shows up with errors such as these\u2026<\/p>\n<ul>\n<li>Could not establish trust relationship for the SSL\/TLS secure channel<\/li>\n<li>PerformancePoint Services could not connect to the specified data source. Verify that either the current user or Unattended Service Account has read permissions to the data source, depending on your security configuration. Also verify that all required connection information is provided and correct. System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL\/TLS secure channel<\/li>\n<li>An operation failed because the following certificate has validation errors:nnSubject Name<\/li>\n<li>The root of the certificate chain is not a trusted root authority<\/li>\n<\/ul>\n<p>It has also been discussed at length <a href=\"http:\/\/social.msdn.microsoft.com\/Forums\/en-US\/sharepoint2010general\/thread\/2dc6af5b-3afa-466d-b6e7-0c66368c5aff\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<h1>The Fix<\/h1>\n<p>Okay, I guess I\u2019m skipping the explanation here, but it can be a problem in a number of scenarios, typically because a less than stellar digital certificate is being used to secure your site site with HTTPS (SSL). I.e. the most trusted (or most backroom hand-shaked <img decoding=\"async\" class=\"wlEmoticon wlEmoticon-winkingsmile\" style=\"border-style: none\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/wlEmoticon-winkingsmile1.png\" alt=\"Winking smile\" \/>) certs have weaseled their way into the appropriate trusted root and intermediate stores in your certificates setup. But if you are like me and just want a cert for encryption with a 3rd party trusted root authority, you are probably getting your certs cheaper than some. Anyways, I digress\u2026<\/p>\n<p>The fix is, get the root cert for the site you are securing with HTTPS\/SSL and put it in your SharePoint Trust store in Central Admin. And that is done like this\u2026<\/p>\n<h2>Figure out what cert you need\u2026<\/h2>\n<p>Visit your HTTPS\/SSL site. For example, <a href=\"https:\/\/go.somewhere.com\">https:\/\/go.somewhere.com<\/a>, and then view the certificate for your site.<\/p>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc07bef9.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"SNAGHTMLc07bef9\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc07bef9_thumb.png\" alt=\"SNAGHTMLc07bef9\" width=\"240\" height=\"160\" border=\"0\" \/><\/a><\/p>\n<p>Then view the certification path and click on the root certificate provider. Choose View Certificate, then go to the details tab and choose \u201ccopy to file\u201d to start the certificate export to file process. Make note of the Certificate Provider name (in my case, \u201cGeoTrust Global CA\u201d) as you\u2019ll probably want to call the cert that in Central Admin later.<\/p>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc096372.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"SNAGHTMLc096372\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc096372_thumb.png\" alt=\"SNAGHTMLc096372\" width=\"240\" height=\"151\" border=\"0\" \/><\/a><\/p>\n<h2>Now export that file<\/h2>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0b2846.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"SNAGHTMLc0b2846\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0b2846_thumb.png\" alt=\"SNAGHTMLc0b2846\" width=\"240\" height=\"217\" border=\"0\" \/><\/a><\/p>\n<p>Export as a .cer file<\/p>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0b71b5.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"SNAGHTMLc0b71b5\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0b71b5_thumb.png\" alt=\"SNAGHTMLc0b71b5\" width=\"240\" height=\"217\" border=\"0\" \/><\/a><\/p>\n<p>Save it somewhere you can find easily <img decoding=\"async\" class=\"wlEmoticon wlEmoticon-winkingsmile\" style=\"border-style: none\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/wlEmoticon-winkingsmile1.png\" alt=\"Winking smile\" \/><\/p>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0ba67a.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"SNAGHTMLc0ba67a\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0ba67a_thumb.png\" alt=\"SNAGHTMLc0ba67a\" width=\"240\" height=\"217\" border=\"0\" \/><\/a><\/p>\n<h2>Open Central Admin and install your cert<\/h2>\n<p>Click on Security<\/p>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0c8e97.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"SNAGHTMLc0c8e97\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0c8e97_thumb.png\" alt=\"SNAGHTMLc0c8e97\" width=\"240\" height=\"58\" border=\"0\" \/><\/a><\/p>\n<p>Select Manage Trust under General Security<\/p>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0cdae2.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"SNAGHTMLc0cdae2\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0cdae2_thumb.png\" alt=\"SNAGHTMLc0cdae2\" width=\"240\" height=\"71\" border=\"0\" \/><\/a><\/p>\n<p>Choose New\u2026<\/p>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0d0175.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"SNAGHTMLc0d0175\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0d0175_thumb.png\" alt=\"SNAGHTMLc0d0175\" width=\"240\" height=\"106\" border=\"0\" \/><\/a><\/p>\n<p>Give your cert trust a name (I go with the name of the cert provider, as noted above) and browse to the file you exported<\/p>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0db5b6.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"SNAGHTMLc0db5b6\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/SNAGHTMLc0db5b6_thumb.png\" alt=\"SNAGHTMLc0db5b6\" width=\"240\" height=\"216\" border=\"0\" \/><\/a><\/p>\n<h2>Verify the results<\/h2>\n<p><a href=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/image.png\"><img loading=\"lazy\" decoding=\"async\" style=\"margin: 0px;padding-left: 0px;padding-right: 0px;padding-top: 0px;border: 0px\" title=\"image\" src=\"\/wp-content\/uploads\/brainlitter\/2012\/03\/image_thumb.png\" alt=\"image\" width=\"240\" height=\"183\" border=\"0\" \/><\/a><\/p>\n<p>Finally, while I haven\u2019t bothered to see if it is necessary, I perform an IISRESET at this point as it is always a good time to give SharePoint a little kick in the ass.<\/p>\n<p>Hope this helps someone.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This one has come up enough that I figured I\u2019d try and help folks get to the quick resolution of it. It presents itself in a number of scenarios but it also seems clear that folks aren\u2019t sure what certs they should be trusting so I\u2019m going to try to simplify the fix\u2026 The Issue &hellip; <a href=\"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/\"><\/a><\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":"","_jetpack_memberships_contains_paid_content":false},"categories":[39,14,334,450],"tags":[557,558,559,560],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SharePoint 2010 and Cert Trust - Could not establish trust relationship for the SSL\/TLS secure channel - Brainlitter - Inside the mind of Sean Wallbridge<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SharePoint 2010 and Cert Trust - Could not establish trust relationship for the SSL\/TLS secure channel - Brainlitter - Inside the mind of Sean Wallbridge\" \/>\n<meta property=\"og:description\" content=\"This one has come up enough that I figured I\u2019d try and help folks get to the quick resolution of it. It presents itself in a number of scenarios but it also seems clear that folks aren\u2019t sure what certs they should be trusting so I\u2019m going to try to simplify the fix\u2026 The Issue &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/\" \/>\n<meta property=\"og:site_name\" content=\"Brainlitter - Inside the mind of Sean Wallbridge\" \/>\n<meta property=\"article:published_time\" content=\"2012-03-14T04:26:50+00:00\" \/>\n<meta name=\"author\" content=\"Sean Wallbridge\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sean Wallbridge\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/\",\"url\":\"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/\",\"name\":\"SharePoint 2010 and Cert Trust - Could not establish trust relationship for the SSL\/TLS secure channel - Brainlitter - Inside the mind of Sean Wallbridge\",\"isPartOf\":{\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#website\"},\"datePublished\":\"2012-03-14T04:26:50+00:00\",\"dateModified\":\"2012-03-14T04:26:50+00:00\",\"author\":{\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77\"},\"breadcrumb\":{\"@id\":\"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Brainlitter\",\"item\":\"https:\/\/regroove.ca\/brainlitter\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SharePoint 2010 and Cert Trust &#8211; Could not establish trust relationship for the SSL\/TLS secure channel\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#website\",\"url\":\"https:\/\/regroove.ca\/brainlitter\/\",\"name\":\"Brainlitter - Inside the mind of Sean Wallbridge\",\"description\":\"Dad. Husband. Drummer. Learner of Things.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/regroove.ca\/brainlitter\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77\",\"name\":\"Sean Wallbridge\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g\",\"caption\":\"Sean Wallbridge\"},\"url\":\"https:\/\/regroove.ca\/brainlitter\/author\/swallbridge\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SharePoint 2010 and Cert Trust - Could not establish trust relationship for the SSL\/TLS secure channel - Brainlitter - Inside the mind of Sean Wallbridge","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/","og_locale":"en_US","og_type":"article","og_title":"SharePoint 2010 and Cert Trust - Could not establish trust relationship for the SSL\/TLS secure channel - Brainlitter - Inside the mind of Sean Wallbridge","og_description":"This one has come up enough that I figured I\u2019d try and help folks get to the quick resolution of it. It presents itself in a number of scenarios but it also seems clear that folks aren\u2019t sure what certs they should be trusting so I\u2019m going to try to simplify the fix\u2026 The Issue &hellip;","og_url":"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/","og_site_name":"Brainlitter - Inside the mind of Sean Wallbridge","article_published_time":"2012-03-14T04:26:50+00:00","author":"Sean Wallbridge","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sean Wallbridge","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/","url":"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/","name":"SharePoint 2010 and Cert Trust - Could not establish trust relationship for the SSL\/TLS secure channel - Brainlitter - Inside the mind of Sean Wallbridge","isPartOf":{"@id":"https:\/\/regroove.ca\/brainlitter\/#website"},"datePublished":"2012-03-14T04:26:50+00:00","dateModified":"2012-03-14T04:26:50+00:00","author":{"@id":"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77"},"breadcrumb":{"@id":"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/regroove.ca\/brainlitter\/2012\/03\/13\/sharepoint-2010-and-cert-trust-could-not-establish-trust-relationship-for-the-ssltls-secure-channel\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Brainlitter","item":"https:\/\/regroove.ca\/brainlitter\/"},{"@type":"ListItem","position":2,"name":"SharePoint 2010 and Cert Trust &#8211; Could not establish trust relationship for the SSL\/TLS secure channel"}]},{"@type":"WebSite","@id":"https:\/\/regroove.ca\/brainlitter\/#website","url":"https:\/\/regroove.ca\/brainlitter\/","name":"Brainlitter - Inside the mind of Sean Wallbridge","description":"Dad. Husband. Drummer. Learner of Things.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/regroove.ca\/brainlitter\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77","name":"Sean Wallbridge","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/regroove.ca\/brainlitter\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g","caption":"Sean Wallbridge"},"url":"https:\/\/regroove.ca\/brainlitter\/author\/swallbridge\/"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/posts\/1023"}],"collection":[{"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/comments?post=1023"}],"version-history":[{"count":0,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/posts\/1023\/revisions"}],"wp:attachment":[{"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/media?parent=1023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/categories?post=1023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/regroove.ca\/brainlitter\/wp-json\/wp\/v2\/tags?post=1023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}