
Point2Share | Daniel McPherson's SharePoint Blog

September 04
Calling an SSL Web Service from SharePoint 2010 (For example LinkedIn)

I just got to the bottom of what was a pretty painful problem.

We are working on a project that requires integration with LinkedIn, something we were really looking forward to. During our research we found some great code samples out there, so a big thanks at this point to the following people for their community submissions:

http://sp2010linkedin.codeplex.com/ by Stef van Hooijdonk (thanks Stef) http://stefvanhooijdonk.com/2010/03/22/sp2010-and-linkedin-workin-together/ 

and

http://msdn.microsoft.com/en-us/library/ff512786.aspx thanks to Andrew Connell and Matthew McDermott

The problem was, we hit a snag very early on, in fact immediately after the 10-minute job required to set these solutions up. Looking around the net we could see that other people had the same problem, but we couldn’t find anywhere that it’d been solved.

Problem:


The basic problem was that whenever we tried to “Opt In” to LinkedIn, essentially the bit where you swap over to the LinkedIn site so that you can authenticate and grant access to our SharePoint site, we received the following error:

“The remote certificate is invalid according to the validation procedure.”

In the event viewer we found:

“An operation failed because the following certificate has validation errors:

Subject Name: CN=api.linkedin.com, OU=Production Operations Group, O=LinkedIn Corporation, L=Mountain View, S=California, C=US
Issuer Name: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
Thumbprint: B78C501CA20EC4AA26FEF60BD2B85E36B8CDDB13

Errors:

The root of the certificate chain is not a trusted root authority..”

Testing:

We did lots of tests, with the first thing being to check the certificates, try from different development boxes and access from a separate client machine. Nothing. I then fired up Fiddler and tried to see if there were any hints floating across the wire. There weren’t.

We then set up both the projects mentioned above, only to find that both exhibited exactly the same problem. This led us to conclude that the problem was not in the code, but was something to do with the environment.

Going further, we decided to set up the LinkedIn sample from the LinkedIn Developer Toolkit:
http://linkedintoolkit.codeplex.com/

Here we found that everything worked as it should, putting the focus firmly on SharePoint: there was something stopping this code from running correctly within the SharePoint context.

Solution:

The solution was in the realisation that SharePoint has its own certificate store, one that is separate to that of the operating system. Code called within the context of SharePoint refers only to that store. What I needed to do was identify the Root Certificate of the one used by LinkedIn, and then add it to the SharePoint certificate store.

I got the certificate from here:
https://www.verisign.com/support/roots.html 

Specifically, the “Class 3 Public Primary Certification Authority.cer” found inside this package: https://www.verisign.com/support/roots.zip

I then opened SharePoint Central Administration, and clicked through the following links:
Security –> Manage Trust

I then clicked on the “New” button, completing the form, and uploading the certificate file. Once completed, editing the entry looked like the below:

[Screenshot: the saved trust entry]

With this step completed, I went back to my LinkedIn sample application and clicked on the “Opt-In” button, to find that everything started working just as it should.
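
The Manage Trust steps above can also be scripted from the SharePoint 2010 Management Shell. The PowerShell below is an added example, not part of the original post: it checks the downloaded root certificate before registering it with New-SPTrustedRootAuthority. The file path, trust name and expected thumbprint are placeholders supplied by the caller, and the thumbprint is assumed to come from the CA through a separate channel.

```powershell
# Added example (not from the original post): scripted equivalent of
# Central Administration > Security > Manage Trust > New.
# $CertPath, $ExpectedThumbprint and $TrustName are placeholders.
param(
    [Parameter(Mandatory = $true)][string]$CertPath,
    # Thumbprint of the root, obtained from the CA through a separate channel.
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint,
    [string]$TrustName = "External service root CA"
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$fullPath = (Resolve-Path $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($fullPath)

# 1. The file must be the certificate we intend to trust, not a look-alike.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected"
}

# 2. The post adds the chain's root; a root certificate is self-issued.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a root certificate: issued by '$($cert.Issuer)'"
}

# 3. Refuse a certificate that is not yet valid or has expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# 4. Skip the add if the farm already trusts this exact certificate.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint } |
    Select-Object -First 1
if ($existing) {
    Write-Output "Already trusted as '$($existing.Name)'"
} else {
    New-SPTrustedRootAuthority -Name $TrustName -Certificate $cert | Out-Null
    Write-Output "Added '$TrustName' ($($cert.Thumbprint), expires $($cert.NotAfter))"
}
```

Running `Get-SPTrustedRootAuthority` afterwards lists every root the farm trusts, which is worth reviewing periodically since each entry widens what SharePoint code will accept over SSL.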

Summary:

While in this case we were integrating with LinkedIn, my guess is that you are going to need to perform similar configuration steps for any SSL based Web Services you wish to integrate with inside of SharePoint. Hope that helps.

Comments

Suyog Patki

Thanks Mate, you saved me, worked like a charm!!
System Account on 05/09/2010 22:00

Thanks!

Solved a mystery for us, thanks for writing.
 on 14/10/2010 08:19

OMG

This was a HUGE issue for me, thanks for the post.
 on 03/11/2010 21:46

Thanks Daniel

I suspect we'll be seeing a lot of issues with this as more businesses move to 2010.
 on 29/11/2010 09:04

This sounds like the solution I need, but...

I'm following the steps you took, as this could be the solution to my problem. Having downloaded the roots.zip file and located "Class 3 Public Primary Certification Authority.cer", I'm trying to add this to SharePoint Server 2010 using the "Establish Trust Relationship" form, but each time I try, SharePoint refuses to add the certificate, citing that ..

"The Root Certificate that was just selected is invalid. This may be because the selected certificate requires a password and we do not support certificates that require a password."

Any idea why that might be the case? Did you find any issues using the certificate initially that you had to overcome? Any ideas or thoughts would be appreciated.
 on 05/03/2011 06:43

Art

Thank you! In addition, SharePoint registers its own certificate validation callback in the static variable System.Net.Security.RemoteCertificateValidationCallback. That callback does all the checks and eventually rejects the certificate if it isn't in the SharePoint cert store.
 on 10/03/2011 14:10

It's good, but errors after 30 days

I have a SharePoint 2010 server site accessing secured web services like: https:/webservices. But after 30 days, the same error happened again, like the error before the certificate was installed.
 on 04/04/2011 09:57
 
