Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (0x800b0109). RRS feed

  • Question

  • Hi,

    I have published an orchestration as WS-HTTP  Port with transport level security. I have configured IIS to HTTPS protocol with "Client Certificate = Required".

    But I get the below error when I browse the service url in browser (the browser is prompting for selecting a client certificate and after selection I get this error.)

    "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (0x800b0109)"

    Even  though, I have installed the SELF SIGNED, ROOT CERTIFICATE in the trusted root authority store, and there is no NON-SELF SIGNED certificates in the trusted root authority store, Still I get the above error.

    Please can anybody tell me why this is happening and how to fix it.



    • Edited by Ram_BizTalk Thursday, May 17, 2018 5:54 PM more info
    Thursday, May 17, 2018 5:45 PM

All replies

  • Certificate chain implies that one of the parties in the chain is still untrusted.. so examine the certificate and on the certification chain portion examine each an every step... for some certificate there is a "trusted root" and then an "Intermediary" and then the certificate... if you have the root published it is possible that the intermediary is missing giving you this error....

    If the service is in your control, browse through IE and see if the certificate shows valid or otherwise... if otherwise outbound calls from BizTalk will fail !!


    Friday, May 18, 2018 5:25 AM
  • Hi,

    It looks that 'Intermediate' certificate is missing for the Orchestration you published in IIS.

    I would suggest to configure the intermediate certificate by following below steps,

    Step 1:  Download the new Standard root certificate

    Step 2:  Import the Intermediate CA Certificate for Microsoft IIS customers

        Open Microsoft Management Console (MMC), click Start > Run > enter MMC > OK
        From the console, select File or Console > Add/Remove Snap-In
        From the list, select Certificates > Add > Computer Account > Local Computer > OK
        From left menu, expand Server Name > Certificates(Local Computer) > Trusted Root Certification Authorities > Certificates
        Right-click Certificates folder > select All Tasks > Import
        This will open the Certificate Import Wizard > click Next
        Browse to the location of the intermediate certificate > select Next
        Select Place the certificate in the following store:  Trusted Root Certification Authorities
        Click Finish
        Stop and restart the IIS or website

    Hope this Helps!!!!!

    (Please Mark as Answered if you satisfy with Reply)

    Friday, May 18, 2018 6:31 AM
  • Hi,

    I have checked several times in the certificate store (both currentuser and localmachine) all the certificates are SELF SIGNED (i.e. IssuedBy and IssuedTo are same ). so there are not intermediate certificate at all in my computer and the same certificate is its own root.

    still I get this error



    Friday, May 18, 2018 9:22 AM
  • Could it be related to this issues?

    Check if you can open your self-signed certificate and it is valid


    Friday, May 18, 2018 9:38 AM
  • Hi,

    I'm stuck on the same problem.... did you find a solution?



    Wednesday, September 19, 2018 1:33 PM