How to export ServiceBus certificates to Client Machines?

Damir Dobric Posts

Next talks:



Follow me on Twitter: #ddobric




When you try to connect to service bus server from remote machine you might figure out following problem:

The X.509 certificate CN=yourhostname is not in the trusted people store. The X.509 certificate CN=yourhostname chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.

To solve this issue I would not recommend to get out certificates manually from Service Bus host machine and then to import them manually ! ! !

To do that go to Service Bus machine start the power shell and execute following statement:


This will create two files:


First file contains following self signed certificate:


The second one is the revocation list:


As next, copy these two files to the client machine which will be used to connect to service bus and open an MMC.
Go to add the Certificates snap-in, pick the Computer Account and Local Computer when asked.
Go to Certificates\Trusted Root Certification Authorities, open All Tasks, and Import AutoGeneratedCA.cer.
At the end go to Intermediate Certification Authorities and import AutoGeneratedCA.crl.

I have tried different methods to import certificates, but no one worked instead of described one.

Posted Dec 13 2012, 06:04 PM by Damir Dobric


Damir Dobric Posts wrote Windows Azure ServiceBus Visual Studio Explorer v1.8
on 01-01-2013 12:08

Visual Studio 2012 offers a new version of Service Bus Explorer which is fully integrated with Visual

DamirDobric wrote Prepare Development Machine for Workflow Manager
on 02-14-2013 8:03

If you want to develop workflows for Workflow Manager, you do not have to necessarily install the full is a .Net Community Blog powered by daenet GmbH.