Thursday, February 5, 2015

Nintex Workflow calling a web service fails because of SSL Trust

We're using a Nintex Workflow for sending some email notifications for a SharePoint 2010 customer.
The workflow has a "Call web service" action which calls the top-level Nintex Web Service at https://rootsitecollection/_vti_bin/NintexWorkflow/Workflow.asmx. Suddenly this has stopped working. The error we see logged when checking the workflow history is this one:


The SSL certificate is valid and has not expired, however we've just recently renewed it.
It's a DigiCert SSL certificate which is imported properly and assigned in IIS as it should be.
Now, for some reason it seems it's not trusted by the Nintex Workflow, but what's really happening backstage is that the SharePoint farm is not trusting it, as it only trusts its local Root certificate by default. I saw the previous Root certificate of the SSL that we've renewed was added in the Trust manually; however, the root CA has changed (the vendor has done that on purpose after one of the SSL bugs discovered recently, I believe), so I've decided to add the new Root CA to the trusted root authorities of the farm:

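# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Adds every certificate in the machine's Trusted Root store (those without a
# private key) to the farm's trusted root authorities, named by thumbprint
foreach ($cert in (Get-ChildItem cert:\LocalMachine\Root))
{
    if (!$cert.HasPrivateKey)
    {
        New-SPTrustedRootAuthority -Name $cert.Thumbprint -Certificate $cert
    }
}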

That worked. If you don't want to run the whole workflow, you can just go to the action that calls the Web Service and run it (the workflow has to be in Edit mode); it is good practice to export the workflow first.
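
A narrower variant of the loop above, as an added example that is not from the original post: it builds the chain for the renewed SSL certificate and adds only that chain's intermediate and root CAs to the farm trust, instead of every certificate in LocalMachine\Root. The thumbprint is a placeholder, and locating the certificate in LocalMachine\My and skipping revocation checks are assumptions.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder (assumption): thumbprint of the renewed SSL certificate bound in IIS
$siteThumbprint = '<THUMBPRINT-OF-RENEWED-SSL-CERT>'

# Assumption: the certificate is installed in the machine's Personal store
$siteCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $siteThumbprint }
if (-not $siteCert) { throw "Certificate $siteThumbprint not found in LocalMachine\My" }

# Let Windows build the chain from its own stores, so that only CAs the
# operating system already trusts are offered to SharePoint.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Assumption: the server may have no outbound access for CRL/OCSP lookups
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
if (-not $chain.Build($siteCert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation }
    throw 'Windows could not build a trusted chain for this certificate.'
}

# Thumbprints the farm already trusts, so reruns do not create duplicates
$trusted = @(Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint })

# Element 0 is the SSL certificate itself; the rest are intermediates and the root
$elements = @($chain.ChainElements)
foreach ($element in ($elements | Select-Object -Skip 1)) {
    $ca = $element.Certificate
    if ($trusted -contains $ca.Thumbprint) {
        Write-Host "Already trusted by the farm: $($ca.Subject)"
        continue
    }
    New-SPTrustedRootAuthority -Name $ca.Thumbprint -Certificate $ca | Out-Null
    Write-Host "Added to farm trust: $($ca.Subject)"
}
```

Running `Get-SPTrustedRootAuthority | Select-Object Name, @{n='Subject';e={$_.Certificate.Subject}}` afterwards shows what the farm now trusts, which also helps spot a superseded root left over from the previous certificate.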
