search cancel

WindowsLive Certificate verification fails


Article ID: 37647


Updated On:


CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On



We have configured a new federation setup for WindowsLive social media application. While we are trying to authenticate it is throwing a 500 error.

In the logs we are getting Certificate not verified exception. We are using certificate from URL:


CA Secure Cloud 1.5X


This is basically because the certificate chain required for correct authentication is not that of, but that of . In particular the Microsoft, Baltimore and GTE_Cyber_Trust certificates need to be added to the root CA. Besides that make sure that you have the Verisign and Simantec certificates as well added to the root CA store in the cspadmin console.

If the error is caused by this missing certificate, looking at the federation trace, the following will be revealed

[01/22/2016][07:56:35][3755][78584688][1c0224c4-aab83f1f-a9958590-cb735e20-77e2158c-0ae][OAuthTunnelClient][handleAuthzServerRetrieval][Authorization Server Info: {SMCOverrideProtectionLevel=false, PartnershipName=WindowsLive_OAuth_Shell_Partnership, UserInfoURL=,

[01/22/2016][07:56:37][3755][78584688][1c0224c4-aab83f1f-a9958590-cb735e20-77e2158c-0ae][][dispatchMessage][Dispatcher object thrown unknown exception while processing the message. Message: Certificate not verified..]

[01/22/2016][07:56:37][3755][78584688][1c0224c4-aab83f1f-a9958590-cb735e20-77e2158c-0ae][][dispatchMessage][ Certificate not verified.


Access with any browser: when getting to the site hit on the padlock in your browser, see the certificates and export all of them. Install the site certificate in the Trusted Sites store in the csp console, and the certification authorities in the certificate chain in the CA store. Restart the policy server for the new certificates to be picked up correctly

Additional Information:

For a guide on how to set up windows live oauth partnership see: 


Release: CLDIDM99000-1.5-Identity Manager SaaS-for Business Users