Could not create SSL/TLS secure channel

Could not create SSL/TLS secure channel

This usually means that you have an invalid or expired certificate on the server. To update your certificate, please follow the below instructions.

  • Locate ssltoolkit.exe within Program Files/TARGIT/ANTServer on the server running the TARGIT Server.

    (update: The toolkit can also be launched from TARGIT Management (only when you are working directly on the TARGIT Server)
    mceclip0.png

  • The highlighted certificate is the currently active certificate.

  • From the File menu, select either
    • Install certificate from Certificate authoririty — locate the certificate file on your computer
    • Create → New self-signed certificate — enter the DNS name for the certificate (usually the pre-filled value).

  • Double-click on the new certificate to activate it.

  • It might me necessary with a restart of the TARGIT Server.
Was this article helpful?
2 out of 2 found this helpful

Comments

4 comments
  • Hi Targit People,

    Is there a way to update the clients so they "accept"/update the certificate after changing the current one on the server? We changed from a self-signed to an official one, and now the client complains that there is a "new" and an "old" certificate. 

    Is there are way to trigger a certificate update on the client side?

     

    Thanks,

    Florian

    2
  • Hello Targit Community,

    just as a follow-up - in the meantime I realized it was a problem with how I entered the server name. The certificate is for the FQDN, but I only typed the "short" server name our DNS is able to resolve. When I use the FQDN, all is good...

    0
  • The error is generic and there are many reasons why the SSL/TLS negotiation may fail. ServicePointManager.SecurityProtocol property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing c# socket connections aren't changed. Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work. Also, you have to enable other security protocol versions to resolve this issue:
     
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
         SecurityProtocolType.Tls
         SecurityProtocolType.Tls11
         SecurityProtocolType.Ssl3;
     
    //createing HttpWebRequest after ServicePointManager settings
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

    If you create HttpWebRequest before the ServicePointManager settings it will fail and shows the error message.

     

    0
  • 2nd year in a row that we've had issues with this after the Spring time change in the US.  For some reason, after the time change, TARGIT seems to get pointed back a old certs rather than the latest cert.  Re-pointing to the current, valid cert seems to resolve it.  Odd that it happens at the same time each year.  The certs are good through Oct, so strange that this happens after the time change in March.  No use reporting as a bug as we are using an old (2019) version of ANT Server, but just mentioning it here in the event that others have the same issue.

    0

Please sign in to leave a comment.