SSL handshake failure: certificate depth #3 error

Written By Tami Sutcliffe (Super Administrator)

Updated at August 23rd, 2021

.ssl handshake failure: certificate depth #3 error

These are the steps that should be followed on a machine having difficulty pulling local root certificates for x360Sync 

If the registration fails, then you should be able to copy Go Daddy certificates from a known good registered machine to the machine with the registration issue:

On a machine that has been able to register successfully, export Go Daddy root certificates.

1. From command prompt, type: mmc
2. On File Menu, select Add/Remove Snap-In
3. Select Certificates -> select Add -> select 'Computer account' -> Next -> Local computer: (the computer this console is running on) -> Finish -> OK
4. Drill down to Certificates -> Trusted Root Certification Authorities -> Certificates -> highlight both 'Go Daddy Class 2 Certification Authority' & 'Go Daddy Root Certficate Authority - G2' -> right click -> All tasks -> Export
5. Run Export Wizard -> Next -> select 'Personal Information Exchange - PCKS #12 (.PFX)' and leave defaults
6. Next -> check 'Password' checkbox -> assign and confirm password -> Next
7. Give certs a file name for reference and choose location to save it -> Next -> Finish
On the machine experiencing agent registration issue, import Go Daddy root certificates:
1. From command prompt, type: mmc
2. On File Menu, select Add/Remove Snap-In
3. Select Certificates -> select Add -> select 'Computer account' -> Next -> Local computer: (the computer this console is running on) -> press Finish -> press OK
4. Drill down to Certificates -> Trusted Root Certification Authorities -> Certificates -> right click -> All tasks -> Import
5. Run Certificate Import Wizard -> Local Machine -> Next -> browse to the PFX file, All files (*.*) -> Open -> Next -> enter password from exported .pfx file -> Next
6. Place all certificates in the following store, Certificate store: Trusted Root Certification Authorities -> Next -> press Finish
7. Once you receive notice the import was successful, try to register the agent. (It may be necessary to restart the Syncedtool service)

For On-Prem (NON SAAS), substitute GoDaddy certs with the certs that were issue for their server.