Question

Recently we have started receiving the below error in Event Viewer. We googled for it, but as per the links we get, it is to do with SharePoint Security Token Service.

An operation failed because the following certificate has validation errors:

Subject Name: CN=*.yahoo.com, O=Yahoo! Inc., L=Sunnyvale, S=CA, C=US
Issuer Name: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thumbprint: 071211108F3C32CD7D3F9A5E94AC8C3EC3BF2FD7

Errors:

 The root of the certificate chain is not a trusted root authority..

Any ideas for this?


Solution

Well, as the error says: You'd have the (root) certificate trusted..

I'd suggest you go fetch the certificate manually and compare the root certificate with your trusted ones.

Running a simple check using e.g. SSL-Checker, it reports the following:

Common name: *.www.yahoo.com
SANs: *.www.yahoo.com, add.my.yahoo.com, *.att.yahoo.com, att.yahoo.com, au.yahoo.com, be.yahoo.com, brb.yahoo.com, br.yahoo.com, ca.my.yahoo.com, ca.rogers.yahoo.com, ca.yahoo.com, ddl.fp.yahoo.com, de.yahoo.com, en-maktoob.yahoo.com, espanol.yahoo.com, es.yahoo.com, fr-be.yahoo.com, fr-ca.rogers.yahoo.com, frontier.yahoo.com, fr.yahoo.com, gr.yahoo.com, hk.yahoo.com, hsrd.yahoo.com, ideanetsetter.yahoo.com, id.yahoo.com, ie.yahoo.com, in.yahoo.com, it.yahoo.com, maktoob.yahoo.com, malaysia.yahoo.com, my.yahoo.com, nz.yahoo.com, ph.yahoo.com, qc.yahoo.com, ro.yahoo.com, se.yahoo.com, sg.yahoo.com, tw.yahoo.com, uk.yahoo.com, us.yahoo.com, verizon.yahoo.com, vn.yahoo.com, www.yahoo.com, yahoo.com, za.yahoo.com, zed.yahoo.com
Organization: Yahoo! Inc.
Location: Sunnyvale, CA, US
Valid from May 18, 2017 to October 17, 2017
Serial Number: 06f514933f088b0b6e1361329815e769
Signature Algorithm: sha256WithRSAEncryption
Issuer: DigiCert SHA2 High Assurance Server CA

and in the chain:

Common name: DigiCert SHA2 High Assurance Server CA
Organization: DigiCert Inc
Location: US
Valid from October 22, 2013 to October 22, 2028
Serial Number: 04e1e7a4dc5cf2f36dc02b42b85d159f
Signature Algorithm: sha256WithRSAEncryption
Issuer: DigiCert High Assurance EV Root CA

Notice how the certificate is valid from May 18, 2017 to October 17, 2017: Is it possible that you started getting the error on May 18, 2017?

Like I said above - maybe a bit short on words - you need to trust the certificates.

You got good answers on msdn and collab365: Go export the new certificate from yahoo and trust that in your SharePoint. Use the following steps (Steps copied from Lee__li (MSFT CSG))

  • export yahoo certificates
  • Go to the Central Admin web site.
  • Go to Security on Central Admin menu.
  • Go to Manage Trust.
  • Click on the New menu item.
  • Specify a name for trust relationship.
  • Select the SSL certificate you exported previously.
  • Click OK.

To export a certificate you have to view it, first.

To view the certificate in Chrome, go to any Yahoo page, hit F12, open the Security tab and there hit View certificate.

[Screenshot: open certificate in Chrome]

To view the certificate in IE, go to any Yahoo page, click the lock symbol next to the URL and click View certificate.

[Screenshot: open certificate in IE]

(I have no FF, so no screenshots using FF - but most probably it follows the same pattern as one of the other two...)

If you have a specific certificate opened, switch to the details tab and hit copy to file. Choose DER encoded as the export-format.

[Screenshot: export certificate]
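The comparison suggested in the answer ("fetch the certificate manually and compare the root certificate with your trusted ones") can also be scripted. The following is an added example, not part of the original answer: it builds the chain for the exported DER file, shows for each chain member whether it is in the Windows root store and in SharePoint's Manage Trust list, and with -AddMissing registers the missing CA certificates. Assumptions made here: the path in $CerPath and the -AddMissing switch are hypothetical, and registering the CA certificates instead of the exported certificate itself is a choice of this example (the answer's steps import the exported certificate).

```powershell
# Added example, not from the original answer. Run on a SharePoint server
# in an elevated SharePoint Management Shell.
param(
    [string]$CerPath = 'C:\Temp\exported.cer',  # assumed path of the DER export
    [switch]$AddMissing                         # also register missing CA certs
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # only the trust path matters here
[void]$chain.Build($cert)

# Thumbprints already listed under Central Admin > Security > Manage Trust
$spTrusted = @(Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint })
# Thumbprints in the Windows machine root store, for comparison
$winRoots  = @(Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $_.Thumbprint })

# One row per chain element, leaf first
$report = @(foreach ($el in $chain.ChainElements) {
    $c = $el.Certificate
    [pscustomobject]@{
        Subject       = $c.GetNameInfo('SimpleName', $false)
        Thumbprint    = $c.Thumbprint
        NotAfter      = $c.NotAfter
        SelfSigned    = ($c.Subject -eq $c.Issuer)
        InWindowsRoot = ($winRoots -contains $c.Thumbprint)
        InSharePoint  = ($spTrusted -contains $c.Thumbprint)
        Certificate   = $c
    }
})
$report | Format-Table Subject, Thumbprint, NotAfter, SelfSigned, InWindowsRoot, InSharePoint -AutoSize

# Chain-level problems as Windows sees them (e.g. UntrustedRoot, PartialChain)
foreach ($s in $chain.ChainStatus) { Write-Warning "$($s.Status): $($s.StatusInformation.Trim())" }

# If the last element is not self-signed, the root was not found locally
if (-not $report[-1].SelfSigned) {
    Write-Warning "Chain ends at '$($report[-1].Subject)'; export the issuing CA certificates as well."
}

if ($AddMissing) {
    # Skip the leaf: CA certificates outlive it, so the trust survives renewals
    foreach ($r in ($report | Select-Object -Skip 1 | Where-Object { -not $_.InSharePoint })) {
        New-SPTrustedRootAuthority -Name $r.Subject -Certificate $r.Certificate
    }
}
```

Run it without -AddMissing first and compare the thumbprints in the table with the one in the Event Viewer message before changing the trust list.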

License: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange