Yesterday I experienced an error on the SharePoint 2010 Web Services IIS site. I wrongly changed the default binding certificate for the https protocol, and the following are the errors I got in the Event Viewer:
The Secure Store Service application SecureStoreServiceApplication is not accessible. The full exception text is: There was no endpoint listening at https://sharepointserver:32844/d135288cc8de436c8d899a64003c5585/SecureStoreService.svc/https that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=<CN>, OU=<OU>, O=<O>, L=Rome, S=Rome, C=IT\n Issuer Name: CN=<CN>, DC=<DC>, DC=it\n Thumbprint: 8D149D3FA98CA0FF1F5D0077FFC4DF9D0318829A\n\n Errors:\n\n SSL policy errors have been encountered. Error code '0x2'..
The Secure Store Service application SecureStoreServiceApplication is not accessible. The full exception text is: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:10:00'.
It was very frustrating because I unsuccessfully tried to rerun the SharePoint 2010 configuration wizard, to cancel and recreate the binding, and to change the certificate via the IIS UI.
Then I found this excellent post by Rik Hepworth that solved my issue:
Basically, the two commands I ran are:
netsh http delete sslcert ipport=0.0.0.0:32844
netsh http add sslcert ipport=0.0.0.0:32844 certhash=<thumbprint> appid=<appid> certstorename=SharePoint
After that, the problem was fixed. Great!
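The same rebind as a checked PowerShell sequence: it reads the Application ID from the existing binding, confirms the certificate is usable in the SharePoint store, and only then deletes and re-adds the binding. This is an added example, not code from the original post or from Rik Hepworth's; it assumes an elevated prompt, English-language netsh output, and `<thumbprint>` is a placeholder you replace.

```powershell
# Added example: validate first, then re-create the HTTP.sys SSL binding
# for the SharePoint Web Services site (port 32844).
$ipport    = '0.0.0.0:32844'
$storeName = 'SharePoint'      # certstorename from the commands above
$thumb     = '<thumbprint>'    # placeholder: thumbprint of the certificate to bind

# Thumbprints copied from the certificate dialog often carry spaces or
# invisible characters; keep only the hex digits.
$thumb = ($thumb -replace '[^0-9a-fA-F]', '').ToUpper()

# 1. Record the current binding and reuse its Application ID.
#    Assumption: the label "Application ID" (English netsh output).
$current = netsh http show sslcert "ipport=$ipport"
$current
$m = $current | Select-String -Pattern 'Application ID\s*:\s*(\{[0-9a-fA-F-]+\})' |
     Select-Object -First 1
if (-not $m) { throw "No binding found on $ipport; supply the appid by hand." }
$appId = $m.Matches[0].Groups[1].Value

# 2. Check the certificate before touching the binding, so a failed
#    'add' does not leave the port with no certificate at all.
$cert = Get-ChildItem "Cert:\LocalMachine\$storeName" |
        Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert)               { throw "Thumbprint $thumb is not in the $storeName store." }
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key; HTTP.sys cannot use it." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# 3. Replace the binding (the two commands from the post).
netsh http delete sslcert "ipport=$ipport"
netsh http add sslcert "ipport=$ipport" "certhash=$thumb" "appid=$appId" "certstorename=$storeName"
if ($LASTEXITCODE -ne 0) { throw "netsh add sslcert failed with exit code $LASTEXITCODE." }

# 4. Confirm the hash and store name now match what was intended.
netsh http show sslcert "ipport=$ipport"
```

Keep the output of step 1 somewhere safe; it is the only record of the previous certificate hash if you need to roll back.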
For further reading, I also found this post that explains very well the SharePoint 2010 Certificates and Certificate Authority: