• Not Answered

Sitecore XC 9.0.3 local install - TLS error

I am installing Sitecore XC 9.0.3 to an existing Sitecore 9.0.2 instance. I get the following error when Initializing Commerce

Importing Module => InitializeCommerce

[---------------------------------------------------------------------------- DisableCsrfValidation : DisableCsrfValidation ----------------------------------------------------------------------------]

[--------------------------------------------------------------------------------- GetIdServerToken : GetIdServerToken ---------------------------------------------------------------------------------]
Get Token From Sitecore.IdentityServer
Install-SitecoreConfiguration : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At C:\Program Files\WindowsPowerShell\Modules\SitecoreInstallFramework\1.2.1\Public\Install-SitecoreConfiguration.ps1:253 char:21
+ & $entry.Task.Command @paramSet | Out-Default
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-SitecoreConfiguration

[TIME] 00:00:00
Transcript stopped, output file is C:\Dev\xc903\SIF.Sitecore.Commerce.1.4.7\CommerceEngine.Initialize.190722.log
Install-SitecoreConfiguration : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At C:\Dev\xc903\SIF.Sitecore.Commerce.1.4.7\sage-Sitecore-Commerce.ps1:81 char:2
+ Install-SitecoreConfiguration @params -Skip CreateDefaultTenantAn ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-SitecoreConfiguration

[TIME] 00:04:34
Transcript stopped, output file is C:\Dev\xc903\SIF.Sitecore.Commerce.1.4.7\Master_SingleServer.190722.log
Invoke-RestMethod : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At C:\Dev\xc903\SIF.Sitecore.Commerce.1.4.7\Modules\InitializeCommerce\InitializeCommerce.psm1:73 char:17
+ ... $response = Invoke-RestMethod $UrlIdentityServerGetToken -Method Post ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

XC creates the localhost certificate in the Local Computer store issued by DO_NOT_TRUST_SiteRootCert and this is assigned to the IIS website SitecoreIdentityServer. When visiting https://localhost:5050 I get NET::ERR_CERT_INVALID.  I have uninstalled, removed any certs, cleared the C:\certificates folder.  No IIS sites exist for XC.  I then reinstall and get the same error.

Any help would be appreciated.

1 Reply

  • Hi,

    I got this issue once in a Test environment. I don't know exact solution but you can try following:

    Give permissions to your identity server client certificate for your identity app pool user, follow below steps

    a. run mmc.
    b. select File >Add or Remove Snap-ins
    c. Select "Certificates" from available snap-ins.
    d. Select "Computer account" from manage certificate for list and click next.
    e. On next window keep Local Computer selected and click finish.
    f. Click ok.
    g. Open Certificates > Personal > Certificates
    h. select identity server client certificate, something like "identity.server".
    i. Right click > All Tasks > Manage Private Keys >Add
    j. Add your user and give full control ({Machine Name}\CSFndRuntimeUser)