Server Certificate Failed Validation Error in .NET

This error message almost always means that your system does not have the correct trusted anchor certificate installed. The connector class validates the phiMail or phiQuery server at the time of connection using the EMR Direct Trust anchor, which is included in the SDK so you will encounter this error before you are able to connect to the phiMail or phiQuery server.

It is possible that you have the production anchor installed instead of the sandbox anchor or vice versa. Another reason why your system is throwing this error is that the anchor certificate has been inadvertently deleted or was not correctly installed. In addition to that, if your software uses the "SetServerCertificate(..)" method in your code, then that method also needs to point to the correct trust anchor certificate file.

For Windows, you can use the "mmc" tool to add the root certificate, which can be downloaded from http://certs.emrdirect.com/EMRDirectTestCA.crt for the sandbox and https://www.emrdirect.com/phicert/index.html for production, to the "Local Computer\Trusted Root Certification Authorities" certificate folder on your server.

To confirm that your server validation certificate is installed correctly, the certificate needed for the Sandbox environment will appear like this within your Trusted Root Certification Authorities folder:



The certificate for the production environment will appear this way in the Trusted Root Certification Authorities folder:



If your Trusted Root Certification Authorities folder is not the same as the figure above, you will need to launch the certificate management tool by right clicking on the "Start" icon and select Run… and enter "mmc". Click "File" on menu bar and select "Add/Remove Snap-in…" Next, select Certificates and Click "Add >". Select "Computer account" on the Certificate snap-in pop-up and click "Next >". Select "Local computer" on the Select Computer pop-up and click "Finish". Click "OK" on the Add or Remove Snap-ins pop-up. In the mmc window, expand Certificates, then right click on "Trusted Root Certification Authorities" and Select "All Tasks > Import…" to launch the Import wizard. Click "Next" in the Certificate Import Wizard window. Click "Browse" to open the File Selection tool. Select the correct Trust Anchor file for testing or production ending in the extension .crt in the File Selection window and click "Open" at the bottom right. Then click "Next". Confirm that "Trusted Root Certification Authorities" is in the field labeled "Certificate store" then click "Next" and "Finish" in the Certificate Import Wizard window. You should see a success message and click "OK". In the mmc window, expand "Trusted Root Certification Authorities" and Select "Certificates" to show the list of trusted certificates. Confirm the certificate imported appears in the list. If the certificate does not appear as shown above, the import was not successful and you will need to reinstall the server validation certificate.

If your system has not made any successful connections to our server, please make sure that connections to our server are not blocked by that system or its firewall.

If the above does not resolve the issue, please send to support@emrdirect.com a screen shot of your certificate store, your relevant code where you are referencing the root certificate (if your software uses the SetServerCertificate(..) method), your IP address where you're connecting from, and the version number of the phiMail connector library you are currently using.


Did this article answer your question? If not, please contact us.