You may be getting this specific issue :-

The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode.

This issue can be resolved as follows :-

Create new domain certificate.

  • Go to Open IIS > [Your server name] > Server certificates
  • Go to “Create new domain certificate” on the right-hand side
  • Enter the machine name as the common name “AX2012R2A”
  • Enter “Contoso” for organization name (Doesn’t really matter, enter anything)
  • Click next, use the local CA, the only one in the list.

Change binding on the real-time service and Async server websites.

  • In IIS, select the RTS website usually called “RealTimeServiceWebSite”
  • Select bindings on the right-hand side
  • Open the https binding and change the certificate to the one you just created
  • Repeat this for the Async server website.

Change the thumbprint in the real-time service 

  • In IIS go back to “Server certificates”
  • Open your new certificate
  • Go to details, scroll down to “Thumbprint”
  • Copy the value and paste it into Wordpad (Important, must be WordPad as there are special chars in the beginning of the value that you will not see in notepad)
  • You will see that there is a new line that is also added. Remove it, it is a special char you cannot see.
  • Remove the spaces, you should end up with something like this
  • Go to the web.config for the real-time service located at
"C:\Program Files (x86)\Microsoft Dynamics AX\60\CDX\Real-time Services\6.3\web.config"
  • Locate this line
<serviceCertificate findValue="[SOME HEX DECIMAL VALUE]" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
  • Replace [SOME HEX DECIMAL VALUE] with your thumbprint
  • Restart IIS