Error: The root of the certificate chain is not a trusted root authority – Register-SPWorkflowService – SharePoint 2013

When I was trying to register the Workflow Service with SharePoint 2013 Server, I was getting the error “The root of the certificate chain is not a trusted root authority”.

The error occurs because, when registering the service, we point to the workflow site over HTTPS (as shown below), and that site presents a certificate which the SharePoint server doesn’t trust.

Register-SPWorkflowService -SPSite "http://spapp/sites/dev/" -WorkflowHostUri "https://wfserver:12290/" -AllowOAuthHttp

There are 2 things to check.

  1. Check whether the WorkflowHostUri uses a fully qualified domain name (FQDN) instead of the machine name.
  2. Check whether the SharePoint server trusts the workflow site’s certificate.

1. Use the FQDN. Instead of using the machine name for WorkflowHostUri, use the full domain name, like https://wfserver.domain.com:12290/
2. Make sure the SharePoint server trusts the certificate of the workflow site. To do that, follow these steps:

  1. On the server, browse to the site https://wfserver.domain.com:12290/ and check whether you get a certificate trust error. If so, proceed to the next step.
  2. Start the Management PowerShell as Administrator on the workflow server and run the following 2 commands:

       $rootCert = (Get-SPCertificateAuthority).RootCertificate
       $rootCert.Export("Cert") | Set-Content C:\SharePointRootAuthority.cer -Encoding byte

  3. Navigate to the SharePoint server, open Run or a command prompt, type MMC and hit Enter. This will open Console1.
  4. In Console1, go to File in the menu and select “Add/Remove Snap-in”.
  5. Add “Certificates” to the right-hand side and then click “OK”. You will be prompted with the Certificates snap-in. I selected “Computer account” > Next > Local computer > Finish > OK.
  6. Import the certificate “C:\SharePointRootAuthority.cer” into the “Trusted Root Certification Authorities” location. You can do this by right-clicking “Trusted Root Certification Authorities” and selecting All Tasks > Import.
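
The browser check and the result of the import can also be verified from PowerShell on the SharePoint server. The script below is an added example, not part of the original post; the function name Test-EndpointRootTrust and its parameters are hypothetical, and it only reads the endpoint's certificate and the local machine store. It reports the name the workflow site's certificate was issued to, the top of the chain Windows builds for it, and whether that certificate and the exported .cer file are present in the local machine's trusted root store.

```powershell
# Added example, not from the original post. Run on the SharePoint server.
# Test-EndpointRootTrust and its parameter names are hypothetical.
function Test-EndpointRootTrust {
    param(
        [Parameter(Mandatory = $true)] [uri] $Uri,
        [string] $ExportedCer   # optional path to the exported .cer file
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($Uri.Host, $Uri.Port)
    try {
        # Accept whatever is presented: this connection only fetches the
        # certificate for inspection and sends no application data.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Uri.Host)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }

    # Build the chain with Windows' own logic, without revocation lookups.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainBuilds = $chain.Build($leaf)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    $report = [ordered]@{
        LeafDnsName        = $leaf.GetNameInfo('DnsName', $false)  # compare with the host in WorkflowHostUri
        ChainBuilds        = $chainBuilds
        ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        ChainTopSubject    = $top.Subject
        ChainTopThumbprint = $top.Thumbprint
        ChainTopInRoot     = Test-Path -LiteralPath ('Cert:\LocalMachine\Root\' + $top.Thumbprint)
    }
    if ($ExportedCer) {
        # Is the exported file the certificate this endpoint chains to, and was it imported?
        $file = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ExportedCer)
        $report.ExportedThumbprint = $file.Thumbprint
        $report.ExportedIsChainTop = ($file.Thumbprint -eq $top.Thumbprint)
        $report.ExportedInRoot     = Test-Path -LiteralPath ('Cert:\LocalMachine\Root\' + $file.Thumbprint)
    }
    [pscustomobject] $report
}

# Host name and file path as used in the steps above.
Test-EndpointRootTrust -Uri 'https://wfserver.domain.com:12290/' -ExportedCer 'C:\SharePointRootAuthority.cer'
```

If ExportedIsChainTop is False, the imported file is not the certificate that the workflow site's chain ends in, so importing it does not change how Windows evaluates that site.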

Source:
Microsoft MSDN Forum, EPM Partners