SSL People Crawl Failure

Situation:   

We are crawling people profiles in an SP2010 content source using the URL sps3s://portal_url

sps3 -> http site
sps3s -> https site 

We get one top-level error in the crawl logs, and nothing is crawled from the content source:

An unrecognized HTTP response was received when attempting to crawl this item. Verify whether the item can be accessed using your browser.  

ULS gives us what we see below: 

05-20-2012 18:17:48.47 mssearch.exe (0x2D80) 0x3F18 SharePoint Server Search Gatherer cd11 Warning The start address sps3s://portal_url cannot be crawled. Context: Application 'FAST_Query_SSA', Catalog 'Portal_Content' Details: An unrecognized HTTP response was received when attempting to crawl this item. Verify whether the item can be accessed using your browser. (0x80041204)        

On the server with the crawl component, we are able to log in as the content access account and browse to: 

https://portal_url
https://portal_url/_vti_bin/spscrawl.asmx - Here we can also see the XML SOAP templates for the web service.

On the server with the crawl component, we see the following two distinct events in the application event log, logged for the content access account:

Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Foundation
Date: 5/20/2012 6:28:20 PM
Event ID: 8311
Task Category: Topology
Level: Error
Keywords:
User: <content_access_account>
Computer: HOSTNAME
Description:
An operation failed because the following certificate has validation errors:\n\nSubject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCERTIFICATE_DETAILSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n\nErrors:\n\n The root of the certificate chain is not a trusted root authority..

Event Xml:
<Event xmlns="https://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
<EventID>8311</EventID>
<Version>14</Version>
<Level>2</Level>
<Task>13</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2012-05-20T23:28:20.347950000Z" />
<EventRecordID>641962</EventRecordID>
<Correlation />
<Execution ProcessID="12332" ThreadID="11244" />
<Channel>Application</Channel>
<Computer>HOSTNAMEt</Computer>
<Security UserID="SID" />
</System>
<EventData>
<Data Name="string0">XXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
<Data Name="string1">XXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
<Data Name="string2">XXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
<Data Name="string3">The root of the certificate chain is not a trusted root authority. </Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Server Search
Date: 5/20/2012 6:28:30 PM
Event ID: 14
Task Category:Gatherer
Level: Warning
Keywords:
User: <CONTENT_ACCESS_ACCOUNT>
Computer: HOSTNAME
Description:
The start address sps3s://PORTAL_URL cannot be crawled.
Context: Application 'FAST_Query_SSA', Catalog 'Portal_Content'
Details:
An unrecognized HTTP response was received when attempting to crawl this item. Verify whether the item can be accessed using your browser. (0x80041204)
Event Xml:
<Event xmlns="https://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-SharePoint Products-SharePoint Server Search" Guid="{C8263AFE-83A5-448C-878C-1E5F5D1C4252}" />
<EventID>14</EventID>
<Version>14</Version>
<Level>3</Level>
<Task>137</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2012-05-20T23:28:30.191700000Z" />
<EventRecordID>641963</EventRecordID>
<Correlation />
<Execution ProcessID="11648" ThreadID="9832" />
<Channel>Application</Channel>
<Computer>HOSTNAME</Computer>
<Security UserID="SID" />
</System>
<EventData>
<Data Name="string0">sps3s://portal_url</Data>
<Data Name="string1">
Context: Application 'FAST_Query_SSA', Catalog 'Portal_Content'
Details:
An unrecognized HTTP response was received when attempting to crawl this item. Verify whether the item can be accessed using your browser. (0x80041204) </Data>
</EventData>
</Event>

 

The Fix:

After digging around for quite some time, we figured out that the crawl broke after the SSL certificates for the portal were replaced. On the Manage Trusts page in Central Administration, we saw that the certificates uploaded there were the old certificate (the one that had been replaced) and that certificate's root certificate.

From IIS Manager, we exported the new certificate installed on the portal, and then also exported the root certificate of this new certificate. We imported these two certificates on the Manage Trusts page of the Central Administration site. After that, we performed an IIS reset on all the servers in the farm, and the people crawl worked like a charm, without any errors.
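
The same check and fix can be scripted from the SharePoint 2010 Management Shell. The following is an added example, not part of the original post: it compares the chain the portal presents with the certificates registered in the farm's trust list. Port 443, the `$Register` switch and the `PortalCrawl-` entry-name prefix are assumptions, and `portal_url` is the same placeholder used above.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$PortalHost = 'portal_url'   # placeholder host name, as in the post
$Port       = 443            # assumption: default HTTPS port
$Register   = $false         # hypothetical switch: $true adds missing certificates

# Read the certificate the portal presents. The callback accepts any
# certificate so the chain can be inspected even when it is not trusted.
$tcp = New-Object System.Net.Sockets.TcpClient($PortalHost, $Port)
try {
    $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
    $ssl.AuthenticateAsClient($PortalHost)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}

# Build the chain from the Windows certificate stores (leaf first, root last).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void]$chain.Build($leaf)

# Thumbprints currently registered on the farm's Manage Trusts page.
$farmTrust = @(Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint })

foreach ($element in $chain.ChainElements) {
    $cert    = $element.Certificate
    $present = $farmTrust -contains $cert.Thumbprint
    New-Object PSObject -Property @{
        Subject     = $cert.Subject
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
        InFarmTrust = $present
    } | Select-Object Subject, Thumbprint, NotAfter, InFarmTrust

    if (-not $present -and $Register) {
        # Entry name is a constructed placeholder; names must be unique.
        $name = 'PortalCrawl-' + $cert.Thumbprint.Substring(0, 8)
        New-SPTrustedRootAuthority -Name $name -Certificate $cert | Out-Null
    }
}

# List trust entries whose certificate has expired, e.g. leftovers from a replaced one.
Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.NotAfter -lt (Get-Date) } |
    Select-Object Name, @{ n = 'Expired'; e = { $_.Certificate.NotAfter } }
```

Rows with `InFarmTrust` set to False correspond to the condition reported by Event ID 8311. After registering certificates, the IIS reset on all farm servers described above still applies.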