When configuring your Nintex Live or External settings, you may get a Certificate Validation error.

Reinstall the certificates installed by Nintex by performing the following steps:
 
1. Go to Central Admin -> Security -> Manage Trust
2. Delete the following Nintex Certificates: (PLEASE NOTE: certificates installed by Nintex may change in the future)
     a. Baltimore CyberTrust Root.crt
     b. GTECyberTrust Global Root.cer
     c. Microsoft Internet Authority.cer
     d. Microsoft Secure Server Authority.cer
     e. Thawte Primary Root CA.cer
     f.  Thawte SSLCA.cer
     g. Thawte SSL CA_SHA2.cer
3. Run installer up to this step then extract files to a folder on local machine
 

4. Navigate to ‘Certs’
 

5. Go back to Central Admin -> Security -> Manage Trust and upload certificates one by one. Please ensure certificate names are consistent.
 

6. Test the Live Connection again in Central Administration
 
 

PartialChain: A certificate chain could not be built to a trusted root authority. RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate. OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.

 

Not Time Valid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

The error can be produced under the Nintex.External.RelayService.exe in ULS logs.

 

This issue is not limited to the certificates offered by the Nintex Installer and may refer to certificates required by Microsoft Azure, since the Nintex External Platform is hosted in an Azure Datacenter. Capturing the error in a ULS log is the only way to find out exactly which certificate is problematic. If the error in question is related to Azure, download the certificate directly from Microsoft's Public Key Infrastructure (PKI) site.