Pages

Subscribe:

Saturday, June 29, 2013

SharePoint 2013: SSL policy errors have been encountered. Error code '0x2'

After configuring SSL for SharePoint 2013, you may get the blank screen when you open the site in the browser. 

After Investigating and checking the Logs in Event viewer, got the error for the SSL


Errors:  SSL policy errors have been encountered.  Error code '0x2'..

RESOLUTION
Go to your SharePoint site web.config and add the following line within <system.net> tag:
<settings>
<servicePointManager
checkCertificateName=”false”
checkCertificateRevocationList=”false”
/>
</settings>

That fixed for me... !!! 

Configuring SSL for SharePoint 2013

SharePoint 2013 supports use of SSL, and it is a requirement when integrating federated authentication. To establish a certificate for SSL, the process typically goes something like this:
For development purposes and demonstration, purchasing of an SSL certificate might seem overkill. Fortunately, we can generate self-signed certificates, via IIS. These self-signed certificates are untrusted, because a trust source has not signed them, but they provide a suitable free alternative for demonstration and development. 
The following steps detail how to create a self-signed certificate for SharePoint 2013, via IIS:

1. Open Internet Information Service Manager 7.
2. Click the server name in the left navigation tree and then double-click the Server
     Certificates icon on the right, under IIS section
3. Click the link to create a self-signed certificate.
4. Give the certificate a friendly name, and then click the OK button.
5. Double-click the Self-signed certificate to see the details.
6. Click the Details tab and then click the button to copy the certificate to a file.
7. Click the Next button.
8. Select the option to not export the private key, then click the Next button.
9. Choose the export format (I chose the default DER format) and then the Next button.
10. Give the certificate a file name and browse to a location on disk.
11. Click the Next button, then Finish button to export the certificate to the file.
12. Open the Microsoft Management Console (MMC.exe).
13. Add the certificates snap-in for the computer account and local machine.
14. Import the certificate into the Trusted Root Certificate Authorities node.
15. Import the certificate into the SharePoint node.

In the preceding steps, we have created a new certificate and allowed the local server to trust the certificate by adding it to the Trusted Root Certificate Authorities store. This avoids annoying messages in Internet Explorer about untrusted certificates. Even though we trust the certificate, we have to inform SharePoint it may trust the certificate also, via the steps that follow:

Note: Never use self-signed certificates in production or non-development environments.

16. Open Central Administration.
17. Click the Security header.
18. Click the link to manage trust.
19. Click the new icon from the ribbon.

20. Provide a friendly name and browse for the certificate (CER) file in the dialog

21. Click OK.

Now, we need to associate our new self-signed certificate with our web application in IIS, as follows:

22. Return to IIS Management.
23. Click the SharePoint application in the left navigation, under Sites.
24. Click the Bindings link (on the far right).

25. Click the Add button.
26. Choose HTTPS, and select the certificate to use



27. Click OK to complete the binding configuration.

Lastly, with the new SSL domain binding in place, we must create a new Alternate Access Mapping for the application so SharePoint understands requests coming in on the new SSL URL:

28. Open Central Administration.
29. Click the Application Management heading.
30. Click the link to configure alternate access mappings.
31. Click the button to edit public URLs.
32. Change the Alternate Access Mapping Collection for the correct web application.
33. Choose an empty zone and add the HTTPS URL (this should be the full domain name that

is listed for the self-signed certificate in IIS)
34. You can now access your web application on the new HTTPS/SSL URL