Adding service account credentials throws trust relationship error

This article will explain resolving the following error upon saving account credentials with either ShadowLink or ShadowPrint applications.


If you open a web browser and visit you should see the browser return an error about the connection being untrusted.  You will also see that instead of a padlock indicating a secure connection, you have a certificate error.  Upon clicking the certificate error, you get the following:


When you view the certificate and go to the certification path tab you'll find that Entrust is the certificate authority who issued our certificate:


This means that the Entrust certificates are not installed on this machine.  You can further verify this by bringing up a command prompt (Start > run > cmd) type MMC and hit enter to bring up the management console for that machine.  Go to File > Add/Remove Snap-In... > Select Certificates on the left, click add in the middle > Select Computer Account to manage the certificates for the machine > Select Local Computer > Hit OK to close the Add/Remove Snap-Ins window.

Expand the Certificates tree on the left > Expand the Trusted Root Certification Authorities tree > Select the Certificates folder to view the certificates in the middle pane.  The problem will be that these certificates are missing:

To install these certificates, go to the following link on the affected machine:

You will want to download and install these certificates:

Note that there are test sites for each, when you test prior to installation you should see the same certificate error seen earlier.  After installing when you view those tests sites it should no longer show a certificate error.  After downloading the certificates, install them by following these steps:

1. Bring up the management console for the machine again.  Under the certificates tree > Trusted Root Certification Authorities > select the Certificates folder.  Go to the Action dropdown next to File at the top > All Tasks > Import > Click Next > Browse to and select the Entrust certificates you have downloaded > Place all Certificates in the following store "Trusted Root Certification Authorities" > Click Finish to complete the certification install.  Perform this for both of the folders listed to browse to.

Verify that the certificate imports worked properly by going to the following link and viewing the test sites for the roots listed above.  They should no longer return a certificate error:

Now when you visit

You will see a page load with Username, Password, and other login fields. You do not need to log into anything here -- the padlock indicating a trusted connection is what we're looking for.


You should be able to now add the service account credentials to ShadowLink/ShadowPrint and start the service.