Sitecore xConnect invalid Certificate

Encountering the “Invalid certificate” error in Sitecore xConnect? This quick guide explains how a simple IIS configuration change resolves the issue and gets analytics tracking back online.

Sitecore xConnect invalid Certificate

Since the release of xConnect, countless articles and blog posts have attempted to explain its complexities and frequent issues. While most focus on configuration problems or challenges accessing certificates from specific certificate stores, a less-documented error relates directly to IIS client certificate settings.

One such error is the "Invalid certificate" message, which results in analytics tracking failures and prevents xConnect from functioning correctly:

ERROR Cannot start analytics Tracker
Exception: System.InvalidOperationException
Message: Ensure definition type did not complete successfully. 
StatusCode: 401, ReasonPhrase: 'Invalid certificate'

Resolution

This issue typically occurs when the IIS client certificate settings for the xConnect services are misconfigured. To resolve it, update the SSL settings for the affected IIS site and set the client certificates option to either "Accept" or "Require".

This simple configuration change allows xConnect to correctly process client certificates and eliminates the invalid certificate error.