Skip to Content
avatar image
Former Member

"Could not establish trust relationship for the SSL/TLS secure channel"

During the configuration of DUET_E , when calling the DUET Application from SharePoint, the following error is shown :

"Could not establish trust relationship for the SSL/TLS secure channel with authority 'MYSAPNW702SERVER:8001'"

I have already seen the Post :

error-in-duet-configuration-at-ssl

This mentions the error, but does not provide any answers on resolution.

The DUET_E troublshooting guide suggests that the SAP Standard SSL Certificate is added to SharePoint Central Admin > Security > Manage Trusts

This has also been done.

We are using the Standard SAP SSL Self signed certificate - not one signed by an external CA.

Can anyone provide any guidance ?

Thanks in advance.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Jan 07, 2012 at 06:28 PM

    Hi Minesh,

    we faced that exact same error message in our Duet Enterprise environment, also with a self-signed certificate without a root authority. In our case it had worked before, but suddenly this problem emerged.

    Within the SharePoint ULS Log the following exception was logged: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure

    The cause appeared to be that the SSL imported certificate was no longer trusted on SharePoint side. You can check whether this is also your issue by inspecting the current state of the imported SCL certificate on the SharePoint side (SharePoint Central Admin -> Security -> Manage Trust).

    We did a new export of the SCL's certificate, re-import it into SharePoint, followed by an IISReset, and next it worked again.

    We did not take the SSL Certificate that was handed-over, but we called the HTTPS URL of the SCL server (taken from the Account.xml model). Then we exported the SSL certificate from the browser and imported this certificate to the SharePoint.

    Unclear why the certificate became untrusted in the first place. We had done a reboot of the SAP SCL server just before; it might be that this invalidated the earlier self-signed certificate and issued a new self-signed certificate...

    Best regards, William.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Excellent, thanks very much.

      We have been careful to use FQDN through out our installation, however as you have correctly pointed out the SAP SSL Server was created by default using the "Short Server Name".

      Recreating the SAP SSL Certificate as *.mydomain.com, and re-importing into SharePoint resolved the issue.

      Thanks once again.

      Min