web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / A certificate chain co...
Microsoft Dynamics AX (Archived)

A certificate chain could not be built to a trusted root authority.

(0) ShareShare
ReportReport
Posted on by Community Member

LSRetailPosis.TransactionServices.EstablishConnection: System.ServiceModel.Security.SecurityNegotiationException: The X.509 certificate CN=TSServerCert chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
 ---> System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=TSServerCert chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.

 

Im using Self Signed Certificate at IIS, while accessing Inventory look up in Retail POS above is generated. Right now MS Dynamics 2012 R2 server and Retail POS client is installed on the same machine. I did try to import certificate in Trusted Root Certificate Authority but in vain.

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Community Member Profile Picture
    Community Member on at
    RE: A certificate chain could not be built to a trusted root authority.

    Import the certificate from IIS and install on the POS system.

  • Community Member Profile Picture
    Community Member on at
    RE: A certificate chain could not be built to a trusted root authority.

    Hello,

    Import the certificate from IIS and install on the POS system.

  • Community Member Profile Picture
    Community Member on at
    RE: A certificate chain could not be built to a trusted root authority.

    Create new self signed certificate and import on all related POS .

    Its working for me

  • slamb Profile Picture
    slamb on at
    RE: A certificate chain could not be built to a trusted root authority.

    Have you read AX for Retail 2012 R2: Troubleshooting the Real-time Service by Shane Erstad?

    Shane details this scenario in the post and I have resolved the same issue using the method he describes.

    [quote]Problem: Call to the Real-time Service results in an error similar to (POS error log): System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=TSServerCert chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.


    SecurityToken

    Solution:  One of the more difficult tasks in configuring the Real-time Service is getting your Server Certificate set up correctly.  If you are creating a test environment it is very likely that you are using a test or self-signed certificate.  If this is the case, all clients attempting to connect to the Real-time Service (i.e. your POS machines) need to create a trust chain with that server.  This step is not needed if you are using a purchased certificate because the publisher of that certificate is already a trusted authority.

    If you find yourself in this situation, you can run the InstallCertificationAuthority Powershell script that is included with the Real-time Service installation.  You will need a .cer file (certification authority) and a .crl (revocation list) to run the script.

    Alternatively, you can install the certificate on the POS machine itself: 

    1. Export the certificate from the Certificates > Computer account (see http://technet.microsoft.com/en-us/library/cc779668(v=WS.10).aspx for details)
    2. Copy the resulting .cer and/or .pfx files to the POS machine.
    3. Double-click each of the files and follow the Certificate Import Wizard to install the certificate.

    Note:  Keep in mind that you should not use a self-signed certificate in a production environment.  When you purchase your certificate from a trusted authority the POS machines will automatically create a trusted connection to the Real-time Service without having to install certificates.[/quote]

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft
Our Community Code of Conduct has been updated!

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Andrés Arias – Community Spotlight

We are honored to recognize Andrés Arias as our Community Spotlight honoree for…

Congratulations to the August Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Dráb Profile Picture

Martin Dráb 2 Most Valuable Professional

#1
Guy Terry Profile Picture

Guy Terry 2 Moderator

#1
Mea_ Profile Picture

Mea_ 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans