I extended the site to port 80, and the functionality works fine without SSL.
Ok - I finally found out what the problem was. Apparently Sharepoint has its own Certificate store, and my CA's Trusted Root certificate was not in there - thus, it wasn't trusting the connection. I found an article that helped (http://blogs.technet.com/b/blairb/archive/2010/08/18/using-ssl-with-sharepoint-2010-send-to-connections.aspx). To fix it on my server, I created a new directory called certs and downloaded the GoDaddyTrustedRoot.cer file into it. I then opened a Windows Powershell and executed the following commands:
Add-PSSnapin Microsoft.SharePoint.PowerShell
$rootca = New-Object System.Security.Cryptography.x509Certificates.x509Certificate2("c:\certs\GoDaddyTrustedRoot.cer")
New-SPTrustedRootAuthority -Name "GoDaddy Root CA" -Certificate $rootca
After running an IISRESET, everything is working fine.
EXCELLENT! I was afraid there might be some problem opening a file via SSL with xslEmailTransform. Glad to see you got it figured out.
I had the same certificate issue as tbarber and wanted to expand on the solution in case it helps others searching for the answer. My site is set up using SSL and my log showed the same errors, pasted here for search engines:
An operation failed because the following certificate has validation errors:
The root of the certificate chain is not a trusted root authority.
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at Visigo.Sharepoint.FormsBasedAuthentication.Email.SendEmail(SPWeb web, String emailTo, String xsltTemplateFile, IDictionary xslValues)
SendEmail failed
System.Exception: Error sending mail notification at Visigo.Sharepoint.FormsBasedAuthentication.MembershipRequest.ApproveMembership(MembershipRequest request, SPWeb web)
I followed the steps to add the certificate via PowerShell, but still had the problem. Then I saw this article on Technet about multiple certificates in the path: http://social.technet.microsoft.com/Forums/is/sharepoint2010setup/thread/03dac22b-aa18-4a4f-b1e6-ac2af8665ae6
I checked mine and sure enough, there were two additional "parent" certificates above mine. By this time I had run across another blog post that detailed how to add the certificate through Central Administration: http://blogs.technet.com/b/speschka/archive/2010/07/07/managing-trusted-root-authorities-for-claims-authentication-in-sharepoint-2010-central-admin.aspx
I exported my two additional certificates and added them through Central Admin, and without needing to do IISRESET, the Approval and Rejection emails from the Membership Request list immediately started working.
Thank you tbarber for your documentation on the fix. I'm sure I'll be back here next year when the certificate expires and emails stop going out :)
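Added example (not part of any post in this thread, and not FBA Pack code): the two fixes above, adding the root via PowerShell and then adding the extra parent certificates, combined into one script that walks the site certificate's chain and registers every parent SharePoint does not yet trust. The path c:\certs\site.cer and the "Chain - " name prefix are assumptions, and the chain can only be built if Windows itself can find the parent certificates.

```powershell
# Added example, not from the thread. The file path and the "Chain - " name prefix are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumed path: the site's own SSL certificate, exported without its private key.
$siteCertPath = "c:\certs\site.cer"
$siteCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($siteCertPath)

# Build the chain from the Windows certificate stores. Revocation is skipped
# because only the chain members are needed here, not a validity verdict.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.Build($siteCert)
$elements = @($chain.ChainElements)

# A complete chain ends in a self-signed root (Subject equals Issuer).
$last = $elements[$elements.Count - 1].Certificate
if ($elements.Count -lt 2 -or $last.Subject -ne $last.Issuer) {
    Write-Warning "Chain is incomplete; a parent certificate is missing from the Windows stores."
}

# Thumbprints SharePoint already trusts (its store is separate from the Windows one).
$trusted = @(Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint })

# Element 0 is the site certificate itself; every later element is a parent.
for ($i = 1; $i -lt $elements.Count; $i++) {
    $parent = $elements[$i].Certificate
    if ($trusted -contains $parent.Thumbprint) {
        Write-Host "Already trusted: $($parent.Subject)"
        continue
    }
    # Show what is about to be trusted so it can be checked against the CA's published values.
    Write-Host "Adding: $($parent.Subject)"
    Write-Host "  Thumbprint: $($parent.Thumbprint)  Expires: $($parent.NotAfter)"
    $name = "Chain - " + $parent.GetNameInfo('SimpleName', $false)
    New-SPTrustedRootAuthority -Name $name -Certificate $parent | Out-Null
}
```

Run it from the SharePoint 2010 Management Shell as a farm administrator; the Expires value printed for each parent shows when the trust entry will need replacing.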
ttrout wrote:
You may need to add the mailsettings info to your web.config of the FBA site. Here's what I have in my config:
<system.net>
  <mailSettings>
    <smtp deliveryMethod="Network" from="email address">
      <network host="email server" port="25" />
    </smtp>
  </mailSettings>
</system.net>
This is a child of the <configuration> tag.
-- Travis Trout
Just a note that adding this can cause some issues with how the FBA Pack works. The emails will be sent directly by the membership controls, instead of by the FBA Pack using the xslt templates. The FBA Pack should work using SharePoint's email settings. If you are using an SSL Certificate, the root of that certificate needs to be trusted by SharePoint: Central Admin -> Security -> Manage Trust.
I was getting an error when the library tried to send any email in my SSL Web Application (with Windows authentication). If I extended it to port 80, it worked OK.
My problem was that my SSL Web Application is configured in IIS to require a Client Certificate. This meant that the FBA library could not read the xslt template when executing the function "xslEmailTransform.Load" (error 404).
The solution, in my case, was to disable the requirement for a Client Certificate in IIS for the "/_layouts/FBA/emails" folder.
I had a similar issue as above and after weeks of troubleshooting finally found my issue. I had the FBA pack working 100% in dev but no matter what I tried, I couldn't get it to work in Prod. Was getting an exception
"System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond" when it tried to load the XSLT.
The solution for me included the certificate issue above but also was related to the DNS IP address. Our site is NAT'ed behind a firewall and the IP of the server is not the same as the public IP. The IP that the code had gotten was the External IP. Then it clicked: on Dev I had added local host entries to test access to the site (hence local DNS IP to 127.0.0.1). After a quick change on production to test, registration and other email related controls worked first time.
With a temporary fix in place, I now need to find something a bit more unwavering.
Hopefully this helps someone else.
Just an FYI, as of version 1.3, the xslt/ssl loading errors should no longer be happening due to a change in the way the xslt is loaded.