Integrating with External Systems over SSL

Last Updated: 03/28/2018 Introduced in Version: 2.0

When integrating with external systems over SSL, it is necessary to first establish a trusted relationship between the Decisions server and the certificate provided by the external server. If this is not done, you may see an error like the following in your system logs:

Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

To fix and/or avoid this error, the Windows server must trust the signer of the SSL certificate that is sent by the external system, andĀ (if it is not a root certificate) every signer of every intermediate certificate in the certificate chainĀ along with the original root certificate signer.

SSL certificate management is a complex topic. For more information about managing SSL certificates, see http://msdn.microsoft.com/en-us/library/ms731899%28v=vs.110%29.aspx

Note: When modifying SSL stores in Windows Server (for an account that is not default), be careful to modify the store for the local machine or the account being used by Service Host Manager.

Additional Resources