Error: The root of the certificate chain is not a trusted root authority – Register-SPWorkflowService – SharePoint 2013

When I was trying to register the Workflow Service with SharePoint 2013 Server, I was getting the error “The root of the certificate chain is not a trusted root authority”.

This error occurs because the registration points to the workflow site over https, as shown below, and that site presents a certificate which the SharePoint server doesn’t trust.

Register-SPWorkflowService -SPSite "http://spapp/sites/dev/" -WorkflowHostUri "https://wfserver:12290/" -AllowOAuthHttp

There are 2 things to check.

  1. Check whether the WorkflowHostUri uses a fully qualified domain name (FQDN) instead of the machine name.
  2. Check whether the SharePoint server trusts the workflow site’s certificate.

1. Use the FQDN. Instead of using the machine name for WorkflowHostUri, use the full domain name, like https://wfserver.domain.com:12290/
2. Make sure the SharePoint server trusts the certificate of the workflow site. For that, do the following:

  1. On the server, browse to the site https://wfserver.domain.com:12290/ and check whether you get a certificate trust error. If so, proceed to the next step.
  2. Start Management PowerShell as Administrator on the workflow server and run the following 2 commands:

     $rootCert = (Get-SPCertificateAuthority).RootCertificate
     $rootCert.Export("Cert") | Set-Content C:\SharePointRootAuthority.cer -Encoding byte

  3. Navigate to the SharePoint server, open Run or a command prompt, type MMC and hit Enter. This will open Console1.
  4. In Console1, navigate to File in the ribbon menu and select “Add/Remove Snap-in”.
  5. Add “Certificates” to the right-hand side and then click “OK”. You will be prompted with the Certificates snap-in. I selected “Computer account” > Next > Local computer > Finish > OK.
  6. Import the certificate “C:\SharePointRootAuthority.cer” into the “Trusted Root Certification Authorities” location. You can complete this by right-clicking on “Trusted Root Certification Authorities” and selecting All Tasks > Import.
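
The two checks above (host name match and root trust) can also be run from PowerShell on the SharePoint server, before and after the import. This is an added example, not part of the original post; the function name Test-WorkflowEndpointTrust is hypothetical, and the host name and port are the post's sample values.

```powershell
# Added example (not from the original post). Run on the SharePoint server.
function Test-WorkflowEndpointTrust {    # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 12290               # port from the post's WorkflowHostUri
    )
    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
    # Accept any certificate so that an untrusted one can still be fetched for
    # inspection; the connection is closed right after the handshake.
    $block = {
        param($s, $c, $ch, $policyErrors)
        $state.Errors = $policyErrors
        $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] $block

    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }

    # Rebuild the chain locally to find the root the endpoint chains to.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # report trust, not CRL reachability
    $null = $chain.Build($cert)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject          = $cert.Subject
        # Check 1: true when the name in the URI does not match the certificate.
        NameMismatch     = $state.Errors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
        # Check 2: true when the chain does not end in a trusted root.
        ChainErrors      = $state.Errors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
        ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        RootSubject      = $root.Subject
        RootThumbprint   = $root.Thumbprint
        RootInLocalStore = Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)"
    }
}

# Example call with the post's sample host name:
# Test-WorkflowEndpointTrust -HostName wfserver.domain.com
```

A result with NameMismatch set points at the FQDN check; ChainErrors with a ChainStatus of UntrustedRoot and RootInLocalStore false points at the missing root certificate.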

Source:
Microsoft MSDN Forum, EPM Partners


Comments

  1. Hi, really good post. Is there a caveat to this when you attempt to repeat the above instructions on a single server, as in when the workflow manager is installed on the dev server? I am still getting the error after the import.

    Daniel

  2. I am getting the same error: The root of the certificate chain is not a trusted root authority.

    I have installed Workflow manager on same server on which SharePoint has been installed.

    Is it needed to install Workflow manager on the separate server?

  3. Thank you, great post, it helped me past this error 🙂

  4. Thank you for the solution. It worked for me.
