How to re-create the local Trusted Root Authority For SharePoint 2013

Re-create the local Trusted Root Authority For SharePoint 2013

This can happen to any IT administrator: someone deletes the trusted root certificate from the Manage Trust screen of SharePoint. The IT administrator then has to re-create the local Trusted Root Authority for SharePoint 2013.

Nowadays Microsoft SharePoint is required in every small, medium and enterprise environment. Most of the time it works really well and you don’t need to do anything. Sometimes it creates problems as well. In this case SharePoint administration works without any problem, but the sites return a 500 Internal Server Error. A deep analysis of the IIS logs gives you only 500, 0, 0, 93, and you will not find anything else related to this error there. Instead, get ULSViewer and monitor the SharePoint logs in real time, which will show you the error listed below:

An operation failed because the following certificate has validation errors:

Subject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US
Issuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US
Thumbprint: DBFEB3526005F6B687774B8CAA8CD44FBADF9759

Errors:

PartialChain: A certificate chain could not be built to a trusted root authority.
RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.

To check further:

Check the SSL certificate of the SharePoint Security Token Service in MMC. Go to SharePoint, click the certificate, and go to Certificate Path. There will be an error: “The issuer of this certificate could not be found.” This means the certificate chain is broken.

Solution:

The solution is very simple. Open the SharePoint PowerShell in administrator mode and run the commands listed below. Running them creates the local trust relationship.

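# Read the farm's own root certificate (CN=SharePoint Root Authority)
$rootCert = (Get-SPCertificateAuthority).RootCertificate
# Register it again as a trusted root authority in the farm
New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert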

Make sure you are using the farm administrator account on the machine where you run these commands. Once the commands have run successfully, restart IIS by running the IISReset command at a command prompt, or go to IIS Manager and restart the server.
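
The following is an added example, not part of the original post: a guarded version of the fix that first checks whether the farm root certificate is already registered as a trusted root authority and only creates the entry when it is missing. It assumes that matching by certificate thumbprint is enough to recognise an existing entry, and it reuses the name localNew from the commands above.

```powershell
# Added example. Run in the SharePoint 2013 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Farm root certificate and the STS signing certificate named in the ULS error.
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$stsCert  = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate

# The STS certificate's issuer should equal the farm root certificate's subject.
"STS cert issuer   : {0}" -f $stsCert.Issuer
"Farm root subject : {0}" -f $rootCert.Subject
"Farm root thumb   : {0}" -f $rootCert.Thumbprint
if ($stsCert.Issuer -ne $rootCert.Subject) {
    Write-Warning "STS certificate was not issued by the farm root certificate."
}

# Look for an existing trust entry that carries the same certificate.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $rootCert.Thumbprint }

if ($existing) {
    "Trust already present: {0}" -f ($existing.Name -join ', ')
}
else {
    # Same call as in the post; only reached when no matching entry exists.
    New-SPTrustedRootAuthority -Name 'localNew' -Certificate $rootCert | Out-Null
    "Created trusted root authority 'localNew'. Restart IIS afterwards."
}

# Review every trusted root authority in the farm with thumbprint and expiry,
# so unexpected or expired entries on the Manage Trust screen stand out.
Get-SPTrustedRootAuthority |
    Select-Object Name,
        @{ n = 'Thumbprint'; e = { $_.Certificate.Thumbprint } },
        @{ n = 'NotAfter';   e = { $_.Certificate.NotAfter } } |
    Format-Table -AutoSize
```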

I the above method