You may be getting this specific issue :-
The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode.
This issue can be resolved as follows :-
Create new domain certificate.
- Go to Open IIS > [Your server name] > Server certificates
- Go to “Create new domain certificate” on the right-hand side
- Enter the machine name as the common name “AX2012R2A”
- Enter “Contoso” for organization name (Doesn’t really matter, enter anything)
- Click next, use the local CA, the only one in the list.
Change binding on the real-time service and Async server websites.
- In IIS, select the RTS website usually called “RealTimeServiceWebSite”
- Select bindings on the right-hand side
- Open the https binding and change the certificate to the one you just created
- Repeat this for the Async server website.
Change the thumbprint in the real-time service
- In IIS go back to “Server certificates”
- Open your new certificate
- Go to details, scroll down to “Thumbprint”
- Copy the value and paste it into Wordpad (Important, must be WordPad as there are special chars in the beginning of the value that you will not see in notepad)
- You will see that there is a new line that is also added. Remove it, it is a special char you cannot see.
- Remove the spaces, you should end up with something like this
946e6d74ca2cd6b1ac6404a526f3693c1f35a178
- Go to the web.config for the real-time service located at
"C:\Program Files (x86)\Microsoft Dynamics AX\60\CDX\Real-time Services\6.3\web.config"
- Locate this line
<serviceCertificate findValue="[SOME HEX DECIMAL VALUE]" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
- Replace [SOME HEX DECIMAL VALUE] with your thumbprint
- Restart IIS
Dynamics + Sitecore = Commerce 
Thanks for this, I’ve been chasing this issue for a little while now. Unfortunately your instructions aren’t lining up exactly with what I am seeing. Maybe you can suggest something? I am also working against the 2012 R3 image.
When the “Create Domain Certificate” wizard pops up I enter the the machine and organization information, but it doesn’t let me proceed until I fill out the remaining unit, city, and state information. I fill that out with some information and move to the next page where I select the only available CA “contoso-AX2012R2A-CA\AX2012R2A.contoso.com”. I then provide a friendly name and click “Finish” but an error pop-up displays with the message “The certificate request was submitted to the online authority, but was not issued. The request was denied.”
Do you have any suggestions regarding how to proceed? Thanks!
LikeLike
Thanks for this, I’ve been chasing this issue for a little while now. Unfortunately your instructions aren’t lining up exactly with what I am seeing. Maybe you can suggest something? I am also working against the 2012 R3 image.
When the “Create Domain Certificate” wizard pops up I enter the the machine and organization information, but it doesn’t let me proceed until I fill out the remaining unit, city, and state information. I fill that out with some information and move to the next page where I select the only available CA “contoso-AX2012R2A-CA\AX2012R2A.contoso.com”. I then provide a friendly name and click “Finish” but an error pop-up displays with the message “The certificate request was submitted to the online authority, but was not issued. The request was denied.”
Do you have any suggestions regarding how to proceed? Thanks!
LikeLike
Hey there, I have recieved this issue a couple times. It is usually caused by an issue with the system clock. You might get something in the event viewer about it. I would try changing the time zone to something like EST and try creating the CA again.
LikeLike
I got the same error, when I Logon as Administrator on the machine it solved it.
LikeLike
Hi Websterian,
I tried the solution suggested by you but still getting same error. Also one issue is I am not able to find “web.config” file in Async folder.
So can you please guide to solve this issue.
LikeLike