locked
SSL Problem RRS feed

  • Question

  • I have Sharepoint 2010 Enterprise.

    Earlier this month, its SSL Cert expired.   No big deal, created a new one, installed it in IIS and life is good.

    Here is where its a problem.

    Go anyplace in sharepoint, all looks good and is as expected.....UNLESS
    when I go to "SITE ACTIONS" -> "SITE PERMISSIONS" and click on a user i get the message
    "There is a problem with this website's security certificate."
    but if I click on a group, its fine.   when I get the cert warning, if I click continue, it goes just fine and once I am looking at the users sharepoint profile, the URL does not indicate there is a cert issue.

    What I did discover, is that when clicking on the user name (the action that displays the cert warning)  the cert sharepoint is giving, the cert with the servers name.   

    for example.     my sharepoint site is named   mysharepoint, thus users type in https://mysharepoint    
    the server name is sharepointserver.mycompany.com

    so when clicking on a user and get that cert error, the cert that SP is trying to give me is sharepointserver.mycompany.com    while everywhere else in SP the cert is mysharpoint

    Any ideas why SP is giving out a different cert when clicking on a user name?

    Wednesday, October 22, 2014 9:08 PM

Answers

  • The problem has been corrected.

    For some reason, when clicking on a user, it was trying to open a 'my sites' which was an odd port number.   There 'was' another website in iis at that port, but it never worked.   even though this other port was set for https, it never had a cert set for it.

    So i removed that web app, re-added it correctly, and all is good now.

    Thank all of you for trying to help.

    Tuesday, October 28, 2014 11:43 PM

All replies

  • Hiya,

    it would look like your missing a certificate binding on your MySite web application in IIS?

    Thursday, October 23, 2014 6:03 AM
  • No, it's there, otherwise the entire site would give that issue.

    everythign in teh site is SSL, but it's just when a user clicks on another users name to see their SP profile.

    Thursday, October 23, 2014 3:00 PM
  • What I did discover, is that when clicking on the user name (the action that displays the cert warning)  the cert sharepoint is giving, the cert with the servers name.  

    This indicates that a self-signed server certificate is used on a web application that is working with the sharepointserver.mycompany.com url.

    It could be a relative/absolute URL error or missing alternate access mappings or something similar. Was anything customized on the solution?

    Click the user should be a relative URL, meaning that it gets updated accordingly whenever you update Alternate access mappings etc.


    Friday, October 24, 2014 9:59 AM
  • Hi Spaz,

    Thanks for posting your issue, 

    I would suggest you to try the following steps, when you access secured website you may get this error message.
    1. Open Internet Explorer and verify that the page you are trying to view is listing a certificate error.
    2. To clear the certificate error goes to Tools --> Internet Options from the menu of IE 8.
    3. Click on the advanced tab and scroll down to the security section. Clear the boxes for: "Check for publisher's certificate revocation" and "Check for server certificate revocation".
    4. Click Apply and Ok.
    5. Attempt to reload the page by clicking the Refresh button at the end of the address bar or by pressing the F5 key. Your page should now load as expected.

    About certificate errors: http://windows.microsoft.com/en-US/windows-vista/About-certificate-errors

    I hope this is helpful to you, mark it as Helpful. If this works, Please mark it as Answered.

    Regards,

    Dharmendra Singh (MCPD-EA | MCTS)

    Blog : http://sharepoint-community.net/profile/DharmendraSingh

    Friday, October 24, 2014 10:19 AM
  • Exactly, thats what I'm saying.   For some reason, when clicking on a user, the cert that is being pushed out, is machine cert., while everywhere else on the site, is the correct cert.
    access mapping

    Here is what the link looks like when the mouse pointer is over a persons name:

    then when I click on the name:

    The cert its trying to give out


    That is the machine name...
    Then, clicking continue, it goes back to using the correct cert



    Also, in the Bindings for IIS, the machine cert is not even an option to select.
    Friday, October 24, 2014 3:40 PM
  • As a workaround, can`t you just add machine cert. into trusted CAs, so you will not get an alert message?

    Friday, October 24, 2014 4:08 PM
  • No need for that as just clicking continue does the job

    But the various managers that (for whatever reason) seem to click on peoples names, and telling them to just click on continue is about as useful as baptising  a cat. 

    But I really want to know why this is happening.

    Friday, October 24, 2014 4:14 PM
  • In order to resolve this issue, You need to install the certificate inside certificate console on every machine

    Run -> MMC -> File -> Add snapin -> Select certificates -> Computer Account -> import the certificate in "Trusted Root Certification Authorities"

    This needs to be performed on all the SharePoint servers in the farm.

    Monday, October 27, 2014 8:17 AM
  • Apart from what Pallav has suggest. You need to install certificate in SharePoint as well

    Once that .cer file is imported to certificate folder. 

    Open Central Admin > Security > Manage security >  Add the certificate here.


    If this helped you resolve your issue, please mark it Answered

    Monday, October 27, 2014 10:50 AM
  •   Inderjett, Already had it there.


    Monday, October 27, 2014 3:32 PM
  • Paul, Already had it there.
    Monday, October 27, 2014 4:20 PM
  • Did you restart IIS on all SharePoint server? If not, then follow below mentioned steps:

    Clear your IE cache

    Restart IIS

    Try browsing the site and pages again.

    OR

    Just reboot all SharePoint server and try browsing the site and pages again.

    Tuesday, October 28, 2014 3:39 AM
  • Yes, the machine has been restarted a couple of times.

    Im just curious on why in this one spot, it wants to give the machine cert, while everywhere else it give the one binded to IIS.

    Tuesday, October 28, 2014 3:01 PM
  • The problem has been corrected.

    For some reason, when clicking on a user, it was trying to open a 'my sites' which was an odd port number.   There 'was' another website in iis at that port, but it never worked.   even though this other port was set for https, it never had a cert set for it.

    So i removed that web app, re-added it correctly, and all is good now.

    Thank all of you for trying to help.

    Tuesday, October 28, 2014 11:43 PM