Thursday, June 7, 2012

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I just set up my SharePoint 2010 instance to run under SSL. I have a PowerShell script that creates users and does a bunch of other setup things. One of the steps is to load some SharePoint pages, which I do with something like this:


$Page = $WebClient.DownloadString($URL)


This was working fine when the default zone was HTTP but now that I am on HTTPS, I get the following error:

Exception calling "DownloadString" with "1" argument(s): "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
At line:1 char:34
+ $Page = $WebClient.DownloadString <<<< ($URL)
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

I am using a commercially signed certificate and triple-checked that the CA root certificates are in the right places.

Doing some research I came across this thread on SSL/TLS Trust Relationship. Simply overriding the server certificate validation callback to blindly accept everything did the trick:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

Not feeling totally comfortable with that, I decided to do more research and found a post about Managing Trusted Root Authorities for Claims Authentication in SharePoint 2010 Central Admin. This led me to try the following:

  1. Central Administration->Manage Trust
  2. New (trust relationship)

I added my Root Authority Certificate and now I don't have any more trust issues. Well, my PowerShell script doesn't - I still don't trust anybody :-)
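
To see which part of the chain .NET rejects without accepting everything, the validation callback can log the policy errors and the status of each chain element while still returning the default verdict. This is an added example, not code from the original post; the URL is a placeholder, and it assumes Windows PowerShell on the .NET Framework, where WebClient honours the ServicePointManager callback.

```powershell
# Added example: diagnostic callback. It reports why validation failed but
# never accepts a certificate that .NET itself rejected.
$URL = 'https://sharepoint.example.local/'   # placeholder, not from the post

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {
    param($origin, $certificate, $chain, $sslPolicyErrors)

    if ($sslPolicyErrors -ne [System.Net.Security.SslPolicyErrors]::None) {
        Write-Host "Policy errors : $sslPolicyErrors"
        Write-Host "Subject       : $($certificate.Subject)"
        Write-Host "Issuer        : $($certificate.Issuer)"
        foreach ($element in $chain.ChainElements) {
            Write-Host "Chain element : $($element.Certificate.Subject)"
            foreach ($status in $element.ChainElementStatus) {
                Write-Host "    $($status.Status): $($status.StatusInformation.Trim())"
            }
        }
    }
    # Same decision .NET would make with no callback installed.
    return ($sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
}

$WebClient = New-Object System.Net.WebClient
try {
    $Page = $WebClient.DownloadString($URL)
    Write-Host "Certificate validated; downloaded $($Page.Length) characters."
}
catch {
    Write-Host "Request failed: $($_.Exception.Message)"
}
finally {
    # The callback is process-wide; clear it so later requests use the default.
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null
    $WebClient.Dispose()
}
```

A `RemoteCertificateNameMismatch` policy error points at the host name in `$URL`, while `UntrustedRoot` or `PartialChain` on a chain element points at the certificate store of the account running the script.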
