The Certificate Chain Did Not End In A Trusted Root; The Server Is Not Sending All Required Intermediate Certificates…


I was asked to look at a Customer’s Exchange 2010 ActiveSync publishing rule in TMG 2010, as the ActiveSync test in the Microsoft Exchange Connectivity test site was failing with the error “The Certificate Chain Did Not End In A Trusted Root”.


OWA publishing was working fine with the same SAN certificate from DigiCert. I quickly ran the DigiCert “Certificate Tester” tool, which I had written about in my previous article. DigiCert threw an error as well, but this time it was much clearer as to which certificate was causing the issue. The error was “the server is not sending all required intermediate certificates”.


The problem is that the certificate doesn’t include all the required certificates (root and intermediate) in its chain. There are two ways to solve this issue. If you used the “Export Certificate” option on your CAS server and imported the result into TMG, it is likely that the export doesn’t contain all the required certificates. To rectify the issue, export the certificate from the “Certificates snap-in (Local Computer)”, selecting the option “Include all certificates in the certification path, if possible”.
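One way to confirm that an exported .pfx really carries the chain before importing it into TMG. This is an added example, not part of the original article or any vendor tool; the script name `Test-PfxChain.ps1` and the parameters `-PfxPath` and `-Password` are assumptions.

```powershell
# Test-PfxChain.ps1 (hypothetical name): walk the chain using only the
# certificates stored inside the PFX and report the first issuer that is absent.
# Usage: .\Test-PfxChain.ps1 -PfxPath C:\temp\mail.pfx -Password (Read-Host -AsSecureString)
param(
    [Parameter(Mandatory = $true)][string]$PfxPath,
    [Parameter(Mandatory = $true)][System.Security.SecureString]$Password
)

# X509Certificate2Collection.Import only accepts a plain string password.
$plain = (New-Object System.Management.Automation.PSCredential('pfx', $Password)).GetNetworkCredential().Password

$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($PfxPath, $plain,
    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)

Write-Output "Certificates in file: $($certs.Count)"

# The server (leaf) certificate is the one exported with its private key.
$leaf = $certs | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $leaf) { throw "No certificate with a private key found in $PfxPath" }

$current  = $leaf
$complete = $true

# Match issuer to subject by distinguished name. This is an approximation:
# real chain building also compares key identifiers and signatures.
# The hop limit guards against cross-signed loops.
for ($hop = 0; $hop -lt 10 -and $current.Subject -ne $current.Issuer; $hop++) {
    $issuerDn = $current.Issuer
    $issuer = $certs | Where-Object { $_.Subject -eq $issuerDn } | Select-Object -First 1
    if (-not $issuer) {
        Write-Warning "Not in file: issuer '$issuerDn' of '$($current.Subject)'"
        $complete = $false
        break
    }
    Write-Output "OK: '$($current.Subject)' is issued by '$($issuer.Subject)'"
    $current = $issuer
}

# A chain is complete here only if the walk ended at a self-signed certificate.
$complete = $complete -and ($current.Subject -eq $current.Issuer)
if ($complete) {
    Write-Output "The PFX contains every certificate up to a self-signed root."
} else {
    Write-Output "The PFX is missing part of the chain; re-export with 'Include all certificates in the certification path, if possible'."
}
```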


Another, easier fix is to use the DigiCertUtil tool, which I had written about in my previous article. When you run the tool, it lists all certificates available on your machine. Click the “Repair” button to fix the certificate chain.


An important point to note is that you HAVE to restart the server for the changes to take effect. Even though you see the full certificate chain in the certificate after the repair, the server has to be restarted.


1 thought on “The Certificate Chain Did Not End In A Trusted Root; The Server Is Not Sending All Required Intermediate Certificates…”

  1. Hi Rajith,

    I am using a self-signed certificate for the O365 migration. When I do a test connectivity for Outlook connectivity from online, I get this error. Can you help me to resolve this issue? I have installed the certificate in trusted root and trusted publisher also.

    Error
    Certificate trust validation failed.
    ” The certificate chain didn’t end in a trusted root. Root”
