SP2019 error: An operation failed because the following certificate has validation errors:

Oleg Tserkovnyuk 541 Reputation points
2022-04-04T12:21:34.517+00:00

Hello,

I get an error on SP2019 when I try to mail-enable a library.
Details from the ULS logs:

An operation failed because the following certificate has validation errors: Subject Name: CN=MyServer Issuer Name: CN=MyServer Thumbprint: MyThumbprint Errors: UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 616930a0-cd54-4062-e91a-9640c2b054c6

ListUpdate Failure: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolTok...

Application error when access /_layouts/15/EmailSettings.aspx, Error=The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolReque...

From what I found, this might be related to the SharePoint Web Services. This service has an HTTPS binding.
In my environment I have two WFEs. I checked the service on each WFE from the IIS console: the web service does not have an SSL certificate assigned to the HTTPS binding, however SSL certificates are listed. One is expired, the second is valid.

Accepted answer
  1. Echo Du_MSFT 17,116 Reputation points
    2022-04-20T08:53:00.033+00:00

    Hi @Oleg Tserkovnyuk ,

    Great to know that it works now and thanks for sharing the update here.

    By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others." and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:

    [SP2019 error: An operation failed because the following certificate has validation errors]

    **Issue Symptom:**

    When we tried to mail-enable a library in SharePoint 2019, the following error appeared:

    An operation failed because the following certificate has validation errors: Subject Name: CN=MyServer Issuer Name: CN=MyServer Thumbprint: MyThumbprint Errors: UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 616930a0-cd54-4062-e91a-9640c2b054c6

    In our SharePoint 2019 environment, I have two WFEs, checked the service on each WFE from the IIS console - the web service doesn't have an SSL certificate assigned to the HTTPS binding, but has an SSL certificate listed. One is expired, and the other is valid.

    Current status:

    The issue is caused by an expired SSL certificate used by the SharePoint Central Administration.

    Fix this by removing the expired self-signed SSL certificate used by Central Administration.


    You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community members to see the useful information when reading this thread. Thanks for your understanding!

    Thanks,
    Echo Du
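
A way to locate the kind of certificate this summary describes, as an added example that is not part of the original thread: it builds the chain for each certificate in the local machine Personal and Root stores, reports the same status flags that appear in the ULS entry (UntrustedRoot, NotTimeValid) and shows which thumbprints are bound to HTTPS in IIS. Scanning those two stores is an assumption; the thread does not say which store held the expired certificate.

```powershell
# Added example. Run in an elevated PowerShell session on each WFE.
Import-Module WebAdministration   # provides the IIS:\ drive

# Thumbprints currently bound to HTTPS endpoints (http.sys SSL bindings).
$bound = @{}
Get-ChildItem IIS:\SslBindings | ForEach-Object {
    if ($_.Thumbprint) { $bound[$_.Thumbprint] = "$($_.IPAddress):$($_.Port)" }
}

$now = Get-Date
$report = foreach ($store in 'My', 'Root') {
    foreach ($cert in Get-ChildItem "Cert:\LocalMachine\$store") {
        # Build the chain the way the TLS client does, without revocation lookups,
        # so the result is limited to trust and validity-period problems.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $null = $chain.Build($cert)

        [pscustomobject]@{
            Store       = $store
            Subject     = $cert.Subject
            Thumbprint  = $cert.Thumbprint
            NotAfter    = $cert.NotAfter
            SelfSigned  = ($cert.Subject -eq $cert.Issuer)
            Expired     = ($cert.NotAfter -lt $now)
            # X509ChainStatusFlags names, e.g. "UntrustedRoot, NotTimeValid"
            ChainStatus = ($chain.ChainStatus.Status -join ', ')
            IisBinding  = $bound[$cert.Thumbprint]
        }
    }
}

# Show only certificates that fail validation, oldest expiry first.
$report |
    Where-Object { $_.Expired -or $_.ChainStatus } |
    Sort-Object NotAfter |
    Format-Table Store, Subject, Thumbprint, NotAfter, SelfSigned, ChainStatus, IisBinding -AutoSize
```

A row with `SelfSigned` true and `NotTimeValid` in `ChainStatus` matches the condition described in this thread; a non-empty `IisBinding` means a site is still serving that certificate.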


3 additional answers

  1. Echo Du_MSFT 17,116 Reputation points
    2022-04-05T02:45:16.89+00:00

    Hi @Oleg Tserkovnyuk ,

    Since we're trying to access an HTTPS web service, we need to add SSL, which is still valid, to the SharePoint Trusted Root Authority.

    Please follow the steps:

    1. Go to Start >> Run >> Type MMC and then click on Ok.
    2. In Microsoft Management Console, click on File >> Add\Remove Snap-in...
    3. In the Add or Remove Snap-ins wizard, select Certificates from the available snap-ins and then click on Add.
    4. Select My user account and click on Finish.
    5. Certificate will be added and click on Ok.
    6. In the left pane expand Certificates, and then expand Personal. Click on Certificates folder.
    7. Right click on the certificate, click on All Tasks >> Export.
    8. Certificate Export Wizard will pop up, click on Next.
    9. In the Export File Format select DER encoded binary X.509 (.CER) format.
    10. In the File to Export click on Browse..., select the location and enter the Name.
    11. Click on Save, the certificate will be saved.
    12. In the Certificate Export Wizard, click on Finish. You will be getting the following pop up, click on Ok.
    13. Go to SharePoint 2019 Central Administration >> Security >> Manage Trust.
    14. In the ribbon interface, go to Trust Relationships Tab >> Click on New button.
    15. In the Root Certificate to trust relationship section, click on Browse.... Select the certificate that we have exported.
    16. Certificate is imported to the SharePoint Trusted root Authority.

    Here is a similar case for your reference:

    Thanks,
    Echo Du
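
The export-and-trust procedure from the steps above, scripted in PowerShell as an added example that is not part of the original answer. The thumbprint, export path and trust name are placeholders, and the validity-period check before adding the trust is an addition to the listed steps.

```powershell
# Added example. Run in an elevated session on a SharePoint 2019 server.
# Placeholders (not from the thread): thumbprint, export path, trust name.
$thumbprint = '<THUMBPRINT-OF-THE-VALID-CERTIFICATE>'
$cerPath    = 'C:\Temp\sp-webservice.cer'
$trustName  = 'SP web service certificate'

if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Steps 1-7: find the certificate in the current user's Personal store.
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "No certificate $thumbprint in Cert:\CurrentUser\My" }

# Added check: refuse to establish trust for a certificate that is outside
# its validity period (the NotTimeValid condition from the ULS entry).
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
    throw "Certificate is not time-valid: $($cert.NotBefore) .. $($cert.NotAfter)"
}

# Steps 8-12: export the public certificate only, DER encoded (.CER).
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Steps 13-16: add it under Security > Manage Trust, unless already present.
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $exported.Thumbprint }

if ($existing) {
    Write-Output "Already trusted as '$($existing.Name)'"
} else {
    New-SPTrustedRootAuthority -Name $trustName -Certificate $exported
}
```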


  2. Oleg Tserkovnyuk 541 Reputation points
    2022-04-05T09:37:42.353+00:00

    Hi,

    Thank you for the response.
    I tried it; unfortunately it did not help.

    In my case the certificate was located in the "Trusted Root Certification Authorities > Certificates".


  3. Oleg Tserkovnyuk 541 Reputation points
    2022-04-14T13:54:14.837+00:00

    Issue was caused by the expired self-signed SSL certificate used by Central Administration.