SharePoint 2010 & HTTPS network connections

It’s really frustrating sometimes how Microsoft’s whitepapers are so specific to individual cases that they fail to apply to any useful scenario – particularly those scenarios that involve custom development.  Such is the case for making HTTPS web service calls from SharePoint 2010 (to external endpoints).

The Goal

Custom-built web parts deployed into SharePoint 2010 need to make web service calls to a third-party API that is exposed over an HTTPS endpoint.

The Error

Could not establish trust relationship for the SSL/TLS secure channel with authority ‘[some url]’

My Flailings

The typical cause of this is that the root certificate the SSL endpoint chains to is not trusted by the computer attempting to make the web service connection.  The typical resolution?  Open the Certificates snap-in in the Microsoft Management Console (for the Local Computer account), import the root CA certificate into the Trusted Root Certification Authorities store, and you're all good.  Import the CA's certificate, not the endpoint's own server certificate: a leaf certificate does not belong in the root store, and trusting it there is a misconfiguration even when it happens to make the error go away.  You can test the machine store by navigating to the endpoint with your browser; if you get a certificate warning it didn't work, otherwise it's gravy.  Note that this only proves Windows trusts the chain for your interactive session; it says nothing about what the SharePoint application pool will do.

The issue (and the reason for this blog post) is that this doesn't work; apparently SharePoint ignores the machine's trusted root certificate store for these calls and consults its own list of trusted root authorities, which lives in the farm configuration and is managed through Central Administration.

The Solution

It's actually quite simple: open Central Administration, go to Security, and under General Security click Manage trust.  Add a new trust, and in the window that opens upload your root CA certificate (a .cer file, DER or Base64 encoded), give it a good name, and boom, things start working, just like magic.  If the endpoint's certificate is issued by an intermediate CA and the error persists after adding the root, add the intermediate CA certificate the same way, since SharePoint validates against the certificates you register here rather than the chain Windows would build.

I also found a nice little PowerShell script that will automate the trust creation for you:

# Run from the SharePoint 2010 Management Shell (or after Add-PSSnapin Microsoft.SharePoint.PowerShell)
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\MyRootCertificate.cer")
New-SPTrustedRootAuthority -Name "my root certificate" -Certificate $root
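The following is an added example and is not part of the original post. It joins the two halves of the procedure above into one script: it connects to the HTTPS endpoint, builds the certificate chain so you can see which root (and any intermediates) the endpoint actually uses, and then registers that root with New-SPTrustedRootAuthority only if the farm does not already trust it. The host name `api.example.com` and the trust name are placeholders, and the `Get-RemoteCertificateChain` and `Add-SPTrustedRootIfMissing` functions are defined here for illustration; they are not SharePoint cmdlets.

```powershell
# Added example, not from the original post. Run as a farm administrator in the
# SharePoint 2010 Management Shell, or load the snap-in as below.
if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

function Get-RemoteCertificateChain {
    param([string]$HostName, [int]$Port = 443)
    # Open a TLS connection and capture the leaf certificate the server presents.
    # The validation callback returns $true so an untrusted chain can still be
    # inspected; this connection is for inspection only and carries no data.
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        $client.Close()
    }

    # Build the chain with the local machine's stores, which shows the root that
    # Windows itself resolves for this endpoint. Revocation is skipped because we
    # only want the chain's shape here, not a trust decision.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($leaf)
    if ($chain.ChainElements.Count -eq 1) {
        Write-Warning "Only the leaf certificate could be chained; the server may not send its intermediates."
    }
    # ChainElements is ordered leaf first, root last.
    $chain.ChainElements | ForEach-Object { $_.Certificate }
}

function Add-SPTrustedRootIfMissing {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$Name
    )
    # SharePoint's Manage trust list is meant for CA certificates. A certificate
    # whose issuer differs from its subject is an intermediate (or a leaf); warn so
    # an operator does not register a server certificate by mistake.
    if ($Certificate.Subject -ne $Certificate.Issuer) {
        Write-Warning "'$($Certificate.Subject)' is not self-signed; register it only if it is an intermediate CA in the chain."
    }
    # Idempotency: match on thumbprint rather than name, since names are free text.
    $existing = Get-SPTrustedRootAuthority |
        Where-Object { $_.Certificate.Thumbprint -eq $Certificate.Thumbprint }
    if ($existing) {
        Write-Host "Farm already trusts '$($Certificate.Subject)' as '$($existing.Name)'."
        return $existing
    }
    New-SPTrustedRootAuthority -Name $Name -Certificate $Certificate
}

# Usage (host name and trust name are placeholders). Wrapping in @() keeps a
# single-element result indexable under PowerShell 2.0.
$chain = @(Get-RemoteCertificateChain -HostName "api.example.com")
$chain | Format-Table Subject, Issuer, Thumbprint, NotAfter -AutoSize

# Confirm the root's thumbprint against the CA's published fingerprint before
# trusting it, rather than accepting whatever root the remote chain resolved to.
$root = $chain[-1]
Add-SPTrustedRootIfMissing -Certificate $root -Name "Example API root CA"

# Verify what the farm now trusts.
Get-SPTrustedRootAuthority | Format-Table Name, @{ n = "Thumbprint"; e = { $_.Certificate.Thumbprint } } -AutoSize
```

The chain listing is the useful part when the error comes back after you have uploaded a root: it tells you whether the endpoint is issued directly by that root or through an intermediate CA, in which case the intermediate can be passed to `Add-SPTrustedRootIfMissing` as well. The thumbprint comparison against the CA's published fingerprint is deliberate; a script that registers whichever root a remote chain happens to end in would also register an attacker's root if the connection were intercepted.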