Forum Discussion

Fluidtom_15505's avatar
Fluidtom_15505
Icon for Nimbostratus rankNimbostratus
Sep 12, 2011

Could not establish trust relationship for the SSL/TLS secure channel

Hi,

 

 

We have two F5 v10.1 in synch for our test environment.

 

We are currently testing migration scenario from SharePoint 2007 to SharePoint 2010.

 

We have one URL (https://test.domain.com), managed by an irule that redirects to a server pool with our SP2007 servers. If the url is https://test.domain.com/sp2010, all the traffic will be redirected to the server pool for SharePoint 2010. Note that we break the SSL at the F5 level, all our servers "behind" the F5 are in HTTP.

 

 

Everyting was running fine until we had to renewed the certificate for https://test.domain.com.

 

 

- We generate a new certificate in our CA

 

 

- We went to Local Traffic > SSL cert > Import and successfully imported the new cert.

 

 

- Then we went to Local Traffic > Profiles > SSL > Server and select the new cert and key and clicked on update

 

 

- Then went in Local Traffic > Virtual Servers > test.domain.com_https > and made sure the right profile was selected, clicked on update

 

 

- Performed a sync to the peer

 

 

 

Now the logs of both Sharepoint 2007 and 2010 are full of error message like these

 

 

 

SharePoint.PSNavigation.GetXslt exception: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

 

at System.Net.HttpWebRequest.GetResponse()

 

at Swift.Corp.SharePoint.PSNavigation.PSNavigation.GetXslt()

 

 

and

 

 

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Swift.Corp.SharePoint.PSKb.IM.EventReceivers.NintexWs.NintexWorkflowWS.StartWorkflowOnListItem(Int32 itemId, String listName, String workflowName, String associationData) at Swift.Corp.SharePoint.PSKb.IM.EventReceivers.Archiver.<>c__DisplayClass4.b__0() at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.b__2() at

 

 

 

 

Did we miss something on the F5 config?

 

 

Thanks in advance for your help!

 

 

 

  • Note that we break the SSL at the F5 level, all our servers "behind" the F5 are in HTTP.

     

     

    Then we went to Local Traffic > Profiles > SSL > Server and select the new cert and key and clicked on update

     

     

    what ssl profile did you use? i understand it must be clientssl profile (not serverssl profile).