Install the SharePoint Root Authority certificate in the Trusted Root Certification Authorities store. After the root certificate is added to the local certificate store, the certificate validation is no longer performed over the Internet. The below steps will cause the BuildChain to succeed by finding the certificate in the local store, therefore eliminating the need for the retrieval of an object from the network. The following steps have to be completed on each SharePoint server in the farm to add the root certificate to the local certificate store:
- Export the SharePoint Root Authority certificate as a physical (.cer) file. Start the SharePoint 2010 Management Shell as an Administrator,and then run the following Windows PowerShell commands:
$rootCert = (Get-SPCertificateAuthority).RootCertificate $rootCert.Export("Cert") | Set-Content C:\SharePointRootAuthority.cer -Encoding byte
- Import the SharePoint Root Authority certificate to the Trusted Root Certification Authorities store. To add the SharePoint Root Authority certificate to the Trusted Root Certification Authorities store, follow these steps:
Note "Administrators" is the minimum required group membership to complete these steps.
- Tap or click Start, type mmc in Start search, and then press Enter.
- On the File menu, click Add/Remove Snap-in.
- Under Available snap-ins, click Certificates, and then click Add.
- Under This snap-in will always manage certificates for, select Computer account, and then click Next.
- Select Local computer, and then click Finish.
- If you have no more snap-ins to add to the console, click OK.
- In the console tree, double-click Certificates.
- Right-click the Trusted Root Certification Authorities store.
- Click All Tasks, click Import to import the certificate, and then follow the steps in the Certificate Import Wizard.