The secure sockets layer (SSL) certificate sent by the server was invalid and will not be crawled RRS feed

  • Question

  • While reviewing the crawl log of a new farm, I came across several crawl errors presenting this error message:

    • The secure sockets layer (SSL) certificate sent by the server was invalid and will not be crawled

    Checking each instance, I found that one involved an instant redirect to a page that no longer existed hosted on a website within the organization.  Another instance involved a page that also featured a redirect, but with a time delay of 10 seconds, that redirected to a page outside of the organization.  Lastly, there were several instances of this error associated with various pages that had instant redirects to pages on other websites within the organization (but hosted by other systems).  Common to all of these instances was a redirect.  Checking each of the destination pages, I found that the destination page certificate was valid and presented no problems when navigated to by any browser type. Given that the certificate on my SharePoint web application is valid, and the certificate associated with each of the destination pages is valid, why is my SharePoint farm's crawl surfacing these pages as a certificate error?

    Thursday, July 9, 2020 1:57 PM

All replies

  • This sounds like a DNS issue. Do an nslookup from your search server -- does it resolve to the correct location and does that location have the proper SSL cert? You can use IE from the server to see if the cert appears to be valid to the local server. You didn't mention if you checked these server-side so I just wanted to verify.

    Trevor Seward

    Office Apps and Services MVP

    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, July 9, 2020 5:03 PM
  • Thanks Trevor.  Here are the details in response:

    • One dnslookup returned a nonexistent name (this was expected, since the page could not be found and the site could not be navigated to).
    • One dnslookup returned the expected name (and no alias), and the site could be navigated to and its certificate displayed in the browser as valid.
    • For the other dnslookups, the "Name" unexpectedly presented the same URL but with an additional subdomain; they also returned an "Alias" the same as the expected URL; it also returned an IPV6 address in addition to the IPV4 address; and the sites could be navigated to and their certificates displayed in the browser as valid. I would add that the certificate was issued to the expected (in this case Alias name) and not the unexpected name featuring the additional subdomain.

    Thursday, July 9, 2020 5:41 PM
  • Hi Stephan,

    You can try ignore SSL Certificate Name warnings :

    1.In Central Administration, in the Quick Launch, click General Application Settings.

    2.On the General Application Settings page, in the Search section, click Farm Search Administration.

    3.On the Farm Search Administration page, in the Farm-Level Search Settings section, click the value of the Ignore SSL Warnings setting

    If the problem persists, please try clearing the configuration cache and doing an IISRESET, then check if the issue is resolved.

    Best regards

    Itch Sun

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    • Proposed as answer by Michael Han6 Monday, July 13, 2020 8:54 AM
    • Unproposed as answer by Stephan Bren Monday, July 13, 2020 12:44 PM
    Friday, July 10, 2020 6:26 AM
  • Thanks Itch Sun, but switching off SSL warnings would not be an acceptable solution in this case, as this would present a security violation.
    Monday, July 13, 2020 12:46 PM