Part of the migration process included upgrading their Info Path forms to 2010 and making sure that everything worked properly. Upgrading the forms involved little more than downloading the xsn and republishing the forms to the new libraries.
One of the forms used a web service call to the User Profile Service to extract information about the currently logged in user. When I opened the form I received the following error:
You do not have permissions to access a Web service that provides data required for this form to function correctly.
Further digging in the Server Event Viewer produced the following:
An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=
Further research pointed to the fact that although the SSL certificate was functioning properly in IIS, SharePoint requires that the SSL certificate be imported into the SharePoint Trusted Root Store in order for the SharePoint web services to function properly.
In short, I had to export the cert and then import it.
To export the cert, open the site in your browser, click on the lock icon to the right of the address bar, and choose "View Certificates" :
Next, select "Details" tab and choose "Copy to File". Save the file to your selected location.
Next step is to import the cert into the SharePoint Trusted Root Authority. This is done using the Power Shell script below, making sure you reference the correct cert.
$cert = New-Object
System.Security.Cryptography.x509Certificates.x509Certificate2("<path to cert file exported above>"); New-SPTrustedRootAuthority –Name “<pick a name for your cert>” –Certificate $cert;
Do an IIS Reset and test your form. It should be able to communicate with the SharePoint web services successfully now.
The only gotcha I have encountered is that if there are multiple certs, or a chain of certs; you'll have to repeat this process for them all.