Friday, September 30, 2011

Self-Signed Certificate (SSL), SharePoint Designer 2010, and a SOAP Service Connection... Making it work

If you are here you have probably at some point seen the dreaded message...

"The server returned a non-specific error when trying to get data from the data source.  Check the format and content of your query and try again.  If the problem persists, contact the server administrator."

Maybe you saw it specifically while attempting to implement a SOAP Service Connection's data view in your ASPX page, with the SOAP service living on a server with SSL enabled and using a self-signed certificate.

Have no fear.  I am going to explain what leads you to this problem and how to correct it.

While setting up my ASP.NET Web Service I had a need to configure localhost to use SSL.  Once this was done I needed to add the service to SharePoint, in my case through the SOAP Service Connection GUI located in SharePoint Designer 2010.

The funny thing with Designer is that it attempts to hit the web service through your local machine, but it validates your SSL on the actual SharePoint site (even if you are pointed to a non-local instance of SharePoint).  It does this because of the DataFormWebPart that is being placed in the page.  This paradox hoses up your ability to test the Web Service if you haven't told SharePoint to trust your certificate.

It is really simple to correct this problem.
  1. Export your certificate using the Microsoft Management Console.
    1. Make sure you choose DER encoded binary X.509 (.CER).
  2. Open your Central Administration site in SharePoint.
  3. Click on the Security heading.
  4. Under General Security you will want to select Manage trust.
  5. Enter the name of your trust relationship and point to the .CER location.
  6. Click OK.
  7. You may or may not need to perform an iisreset.

That is it.  Your Web Service should now work, using SSL, and on your local machine.  You may have to fiddle around with your WSDL URL in the Data Sources area of SharePoint Designer.  Try https://localhost and https://127.0.0.1 and even try https://yourpcname.  You may also need to include the port (443) in your URL.
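
The same export and Manage trust steps can be scripted from the SharePoint 2010 Management Shell. This is an added example, not code from the original post; the thumbprint, trust name and export path are placeholders, and it assumes the certificate sits in the local machine Personal store.

```powershell
# Added example: scripted equivalent of the export + Manage trust steps.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumptions (not from the original post): placeholder values, replace with your own.
$thumbprint = '<THUMBPRINT-OF-YOUR-SELF-SIGNED-CERT>'
$trustName  = 'Local web service SSL'      # hypothetical trust name
$cerPath    = 'C:\Temp\webservice.cer'     # hypothetical export path

# Locate the certificate in the local machine Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $thumbprint in LocalMachine\My" }

# Only a self-signed certificate is its own root; otherwise trust the issuing CA instead.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Certificate is not self-signed (issuer: $($cert.Issuer))"
}

# Export the public certificate only, DER encoded (X509ContentType 'Cert').
# The private key never leaves the store.
$der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($cerPath, $der)

# Reload from the file so the farm trusts exactly what was exported.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($public.Thumbprint -ne $cert.Thumbprint) { throw 'Exported file does not match the source certificate' }
if ($public.HasPrivateKey) { throw 'Exported file unexpectedly contains a private key' }

# Register the trust once; skip if the farm already trusts this certificate.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $public.Thumbprint }
if ($existing) {
    Write-Output "Already trusted as '$($existing.Name)'"
} else {
    New-SPTrustedRootAuthority -Name $trustName -Certificate $public | Out-Null
    Write-Output "Added trust '$trustName' for $($public.Subject)"
}
```

The trust applies to the whole farm, so once the test certificate is retired it can be removed with `Remove-SPTrustedRootAuthority -Identity` followed by the trust name.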

I hope this helps.