Integrating with External Systems over SSLLast Updated: 12/03/2015 Introduced in Verision: 2.0 |
When integrating with external systems over SSL, it is necessary to first establish a trust relationship between the Decisions server and the certificate provided by the external server. If this is not done, you may see an error like the following in your system logs:
Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
To fix or avoid this error, the Windows server must trust the signer of the SSL certificate sent by the external system, plus, if it is not a root certificate, every signer of every intermediate certificate in the certificate chain, plus the original root certificate signer.
SSL certificate management is a complex topic. For more information about managing SSL certificates, see http://msdn.microsoft.com/en-us/library/ms731899%28v=vs.110%29.aspx
Note: when modifying SSL stores in Windows Server, be careful to modify the store for the local machine or the account being used by Service Host Manager, if it is a different account than the default.