I just got to the bottom of what was a pretty painful problem.
We are working on a project that requires integration with LinkedIn, something we were really looking forward to. During our research we found some great code samples out there, so a big thanks at this point to the following people for their community submissions:
http://sp2010linkedin.codeplex.com/ by Stef van Hooijdonk (thanks Stef)
http://stefvanhooijdonk.com/2010/03/22/sp2010-and-linkedin-workin-together/
http://msdn.microsoft.com/en-us/library/ff512786.aspx thanks to Andrew Connell and Matthew McDermott
The problem was, we hit a snag very early on, in fact immediately after the 10-minute job required to set these solutions up. Looking around the net we could see that other people had the same problem, but we couldn’t find anywhere that it’d been solved.
The basic problem was that whenever we tried to “Opt In” to LinkedIn, essentially the bit where you swap over to the LinkedIn site so that you can authenticate and grant access to our SharePoint site, we received the following error:
“The remote certificate is invalid according to the validation procedure.”
In the event viewer we found:
“An operation failed because the following certificate has validation errors:

Subject Name: CN=api.linkedin.com, OU=Production Operations Group, O=LinkedIn Corporation, L=Mountain View, S=California, C=US
Issuer Name: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
Thumbprint: B78C501CA20EC4AA26FEF60BD2B85E36B8CDDB13

Errors:

 The root of the certificate chain is not a trusted root authority..”
We did lots of tests, the first things being to check the certificates, try from different development boxes and access from a separate client machine. Nothing. I then fired up Fiddler and tried to see if there were any hints floating across the wire. There weren’t.
We then set up both the projects mentioned above, only to find that both exhibited exactly the same problem. This led us to conclude that the problem was not in the code, but was something to do with the environment.
Going further, we decided to set up the LinkedIn sample from the LinkedIn Developer Toolkit:
Here we found that everything worked as it should, putting the focus firmly on SharePoint: there was something stopping this code from running correctly within the SharePoint context.
The solution was in the realisation that SharePoint has its own certificate store, one that is separate to that of the operating system. Code called within the context of SharePoint refers only to that store. What I needed to do was identify the Root Certificate of the one used by LinkedIn, and then add it to the SharePoint certificate store.
I got the certificate from here:
Specifically, the “Class 3 Public Primary Certification Authority.cer” found inside this package: https://www.verisign.com/support/roots.zip
I then opened SharePoint Central Administration, and clicked through the following links:
Security –> Manage Trust
I then clicked on the “New” button, completing the form, and uploading the certificate file. Once completed, editing the entry looked like the below:
With this step completed, I went back to my LinkedIn sample application and clicked on the “Opt-In” button, to find that everything started working just as it should.
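The same Manage Trust step can be scripted. The following is an added example, not code from the original post or from the projects it mentions: it inspects the root certificate before registering it with the SharePoint cmdlets Get-SPTrustedRootAuthority and New-SPTrustedRootAuthority. The file path, the trust name and the expected thumbprint are placeholders; the thumbprint should be one you have confirmed with the CA through a separate channel.

```powershell
# Added example: register a root CA in the SharePoint farm trust store.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
# All three parameter defaults are placeholders (assumptions), not values from the post.
param(
    [string]$CerPath            = 'C:\certs\Class 3 Public Primary Certification Authority.cer',
    [string]$TrustName          = 'VeriSign Class 3 Public Primary CA',
    [string]$ExpectedThumbprint = '<THUMBPRINT-VERIFIED-OUT-OF-BAND>'
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath

# Show exactly what is about to become a farm-wide trust anchor.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# A root certificate is self-issued: refuse intermediates and leaf certificates.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a root certificate (subject and issuer differ): $($cert.Subject)"
}

# Refuse a root that is not currently within its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period: $($cert.NotBefore) to $($cert.NotAfter)"
}

# Compare against the thumbprint obtained independently of the download.
$expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected"
}

# Add the trust only if the farm does not already hold this certificate.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }

if ($existing) {
    Write-Host "Already trusted in SharePoint as '$($existing.Name)'."
} else {
    New-SPTrustedRootAuthority -Name $TrustName -Certificate $cert | Out-Null
    Write-Host "Added '$TrustName' ($($cert.Thumbprint)) to the SharePoint trust store."
}
```

Running `Get-SPTrustedRootAuthority` afterwards lists every root the farm trusts, which is worth reviewing periodically since each entry is accepted for all outbound SSL calls made from SharePoint code.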
While in this case we were integrating with LinkedIn, my guess is that you are going to need to perform similar configuration steps for any SSL-based Web Services you wish to integrate with inside of SharePoint. Hope that helps.