Troubleshooting Relying parties and Certificate issues

Information

 
Article Type: Solution Article
Scope/Environment: Infoshare STS Architect server errors on connection with certificates and relying parties
Symptoms/Context

After replacing a certificate or installing LiveContent Architect in combination with the internal STS, you might receive errors regarding relying parties, certificates, etc.
In addition to these errors, also check the certificate settings (for example, whether a key has picked up hidden characters): see How to check if you have control characters in the thumbprint you copied from a certificate
To check the installation of a new certificate, see:
LiveContent 2014 v11 - Update Certificate in architect 11.x
LiveContent 2016 v12 / Knowledge Center 13 (v13) - Update Certificate in Knowledge Center/Tridion Docs - Content Manager/Architect 12.x/13.x

See the table below for a quick overview of messages and errors:

Message or error | Troubleshooting section
HTTP 401 Error | See Troubleshooting "HTTP 401"
The X.509 certificate CN=[...] is not in the trusted people store | See Troubleshooting "The X.509 certificate CN=[...]"
Error: 'ID1039: The certificate's private key could not be accessed | See Troubleshooting "Error ID1039"
Server error in '/InfoShareAuthor' Application | See Troubleshooting "Server Error"
Certificate change PubManager doesn't connect | See Troubleshooting "PubMan connection"
Reach fails with Certificate issue after upgrade/update/reboot of server. | See Troubleshooting "CAcerts updated"
Invalid security certificate alert | See Troubleshooting "InvalidSecurity Alert"
A connection with the service 'http://<URL>/InfoShareWS/Wcf/API25/Application.svc' could not be established. There was no endpoint listening at http://<URL>/InfoShareWS/Wcf/API25/Application.svc | See Troubleshooting "No Endpoint Listening"
The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden | See Troubleshooting "HTTP request was forbidden"
Validation failed for one or more entities. See 'EntityValidationErrors' property for more details. | See Troubleshooting "EntityValidationErrors"
ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry | See Troubleshooting "ID4175"
Sequence contains no elements | See Troubleshooting - Sequence contains no elements

Resolution

Note: read each description carefully to see which situation it applies to; compare the error message and the details to make sure that you have the correct solution.

HTTP 401 Error

When logging in, you get an HTTP 401 unauthorised error.
For further information, see Article - Knowledge Center, Tridion Docs - certificate update leads to publish 401 unauthorized and LiveContent Reach: Error message after update with new certificate: 401 unauthorized error


The X.509 certificate CN=[...] is not in the trusted people store

When you connect to LiveContent Architect or Knowledge Center Content Manager WebUI with a web browser, you see the error message "The X.509 certificate CN=[...] is not in the trusted people store".
CN=... is the subject name of a certificate used by the installation.

For further information, see Article - The X.509 certificate CN=[...] is not in the trusted people store
 

Error: 'ID1039: The certificate's private key could not be accessed

Error "ID1039" is given when trying to log in.
For further information, see Article - Error: 'ID1039: The certificate's private key could not be accessed and The certificate's private key could not be accessed.
 

Server error in '/InfoShareAuthor' Application

After a certificate change, when trying to access the web client, you get the error "Server error in '/InfoShareAuthor' Application".
For further information, see Article - KC2016 - Certificate upgrade issue 
 

After SSL certificate renewal login via publication manager is not possible

After renewing the SSL certificate, PubMan and the editors no longer connect. The thumbprint and all other changes look correct.
For further information, see Article - Knowledge Center: After SSL certificate renewal login via publication manager is not possible anymore and TD Publication Manager Login fails with "access denied" - but I can log in via the Web Client 
 

SDL LiveContent Reach: Update/upgrade/reboot of server Reach cert issues.

This applies if Java has been updated and the cacerts file is therefore incorrect, or if the file has been removed and needs to be recreated.
For further information, see Article - SDL LiveContent Reach: Updating certs in cacerts due to JRE/JDK deleted on update/upgrade/reboot of server. 
 

Tridion Docs: Invalid security certificate alert seen when visiting the Tridion Docs Web Client

Some Tridion Docs users get a pop-up with an invalid security certificate alert.
For further information, see Article - Tridion Docs: Invalid security certificate alert seen when visiting the Tridion Docs Web Client


No Endpoint Listening

When installing LiveContent Architect, you might receive the following error message when trying to open the web client:

Trisoft.InfoShare.Client.InfoShareConnectionException:
Unable to reach the repository '<USERACCOUNT>'. A connection with the service
'http://<URL>/InfoShareWS/Wcf/API25/Application.svc' could not be
established. There was no endpoint listening at http://<URL>/InfoShareWS/Wcf/API25/Application.svc
that could accept the message.

For further details, see Article - No Endpoint Listening
 

HTTP Request was Forbidden:

When installing LiveContent Architect, you get the message "The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden" after you have entered a correct username and password: Access is denied

For further details, see Article - HTTP Request was Forbidden
 

EntityValidationErrors:

  1. When LiveContent Architect is installed for the first time, the entry points are not yet created in the STS database. They are created as soon as the web client is accessed for the first time. In this scenario, however, the endpoints have not been created, or the process failed to create them.
  2. When an encryption certificate is stored in the STS database, it is stored using Base64 encoding. The maximum length of this is 4000 characters. If the certificate being used exceeds this number of characters, the application is unable to add the Relying Parties to the database, which results in the error "Unable to reach the repository 'admin'. ID3082: The request scope is not valid or is unsupported."

For further details, see Article - After logging in, you receive the message "ID3082: The request scope is not valid or is unsupported"
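
The two certificate checks this article mentions, hidden characters in a copied thumbprint and the 4000-character Base64 limit, are shown here as an added Python example (not part of the original article or the product). It assumes the STS stores the unwrapped Base64 of the DER-encoded certificate; the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import unicodedata

STS_BASE64_LIMIT = 4000  # maximum Base64 length stated in this article
HEX_DIGITS = set("0123456789abcdefABCDEF")

# Constructed stand-ins for DER certificate bytes (not real certificates).
SAMPLE_SMALL = bytes(range(256)) * 4    # 1024 bytes
SAMPLE_LARGE = bytes(range(256)) * 12   # 3072 bytes

def windows_thumbprint(der):
    """Thumbprint as Windows displays it: SHA-1 over the DER encoding."""
    return hashlib.sha1(der).hexdigest().upper()

def inspect_thumbprint(pasted):
    """Split a pasted thumbprint into its hex digits and everything else."""
    digits, unexpected = [], []
    for index, ch in enumerate(pasted):
        if ch in HEX_DIGITS:
            digits.append(ch.upper())
        else:
            unexpected.append((index, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return "".join(digits), unexpected

def load_der(data):
    """Accept PEM or DER bytes and return the DER bytes."""
    begin, end = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"
    if begin in data:
        body = data.split(begin, 1)[1].split(end, 1)[0]
        return base64.b64decode(b"".join(body.split()))
    return data

def check_certificate(cert_bytes, pasted_thumbprint):
    """Report thumbprint hygiene and Base64 size for one certificate."""
    der = load_der(cert_bytes)
    digits, unexpected = inspect_thumbprint(pasted_thumbprint)
    b64_len = len(base64.b64encode(der))  # assumption: unwrapped Base64 of the DER bytes
    return {
        "unexpected_chars": unexpected,
        "thumbprint_matches": digits == windows_thumbprint(der),
        "base64_length": b64_len,
        "fits_sts_limit": b64_len <= STS_BASE64_LIMIT,
    }

if __name__ == "__main__":
    pasted = "\u200e" + windows_thumbprint(SAMPLE_SMALL)  # constructed paste with a hidden mark
    print(check_certificate(SAMPLE_SMALL, pasted))
    print(check_certificate(SAMPLE_LARGE, pasted))
```

Any entry in unexpected_chars means the pasted value is not the plain hex thumbprint, even when it looks identical on screen.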
 

ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry

For further details, see the Article - Security Token Exception ID4175
 

Sequence contains no elements

After installing LiveContent, you receive the message Sequence contains no elements

For further details, see the Article - Sequence contains no elements
