Reassigning the correct SSL certificate to SharePoint 2010 Web Services IIS Site

Yesterday I experienced an error on the Sharepoint 2010 Web Services IIS site. I wrongly changed the default binding certificate for the https protocol and the following are the errors I got in the event viewer:

The Secure Store Service application SecureStoreServiceApplication is not accessible. The full exception text is: There was no endpoint listening at https://sharepointserver:32844/d135288cc8de436c8d899a64003c5585/SecureStoreService.svc/https that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.

An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=<CN>, OU=<OU>, O=<O>, L=Rome, S=Rome, C=IT\n Issuer Name: CN=<CN>, DC=<DC>, DC=it\n Thumbprint: 8D149D3FA98CA0FF1F5D0077FFC4DF9D0318829A\n\n Errors:\n\n SSL policy errors have been encountered.  Error code ‘0x2’..

The Secure Store Service application SecureStoreServiceApplication is not accessible. The full exception text is: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was ’00:10:00′.

It was very frustrating because I unsuccesfully tried to rerun the Sharepoint 2010 configuration wizard, to cancel and recreate the binding and to change the certificate via the UI of IIS.

Then I found this excellent post about Rik Hepworth that solved my issue:

http://blogs.blackmarble.co.uk/blogs/rhepworth/post/2010/01/07/reassigning-the-correct-ssl-certificate-to-sharepoint-2010-web-services-iis-site.aspx

Basically the two command, I run, are:

netsh http delete sslcert ipport=0.0.0:32844

and

netsh http add sslcert ipport=0.0.0:32844 certhash=<thumbprint> appid=<appid> certstorename=SharePoint

After then I fixed the problem. Great!

For further reading, I also found this post that explain very well the SharePoint 2010 Certificates and Certificate Authority:

http://blogs.msdn.com/b/besidethepoint/archive/2010/11/30/sharepoint-2010-certificates.aspx

Advertisements

5 thoughts on “Reassigning the correct SSL certificate to SharePoint 2010 Web Services IIS Site

  1. Pingback: Reassigning the correct SSL certificate to SharePoint 2010 Web … | Mastering Sharepoint

  2. We’re a group of volunteers and opening a new scheme in our community. Your website offered us with valuable information to work on. You’ve done a formidable
    job and our entire community will be grateful to you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s