Could not create SSL/TLS secure channel

This usually means that you have an invalid or expired certificate on the server. To update your certificate, follow the instructions below.

  • Locate ssltoolkit.exe within Program Files/TARGIT/ANTServer on the server running the TARGIT Server.

    (Update: the toolkit can also be launched from TARGIT Management, but only when you are working directly on the TARGIT Server.)

  • The highlighted certificate is the currently active certificate.

  • From the File menu, select either
    • Install certificate from Certificate Authority — locate the certificate file on your computer
    • Create → New self-signed certificate — enter the DNS name for the certificate (usually the pre-filled value).

  • Double-click on the new certificate to activate it.

  • It might be necessary to restart the TARGIT Server.
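
To confirm what the server presents after the change, the PowerShell function below connects to a TLS endpoint and reports whether the certificate is expired, fails chain validation, or was issued for a different name than the one the client typed, along with the protocol that was negotiated. It is an added example, not part of TARGIT's tooling; the function name, the host names and the port in the usage comment are placeholders.

```powershell
# Added diagnostic example, not part of TARGIT's tooling.
function Test-TlsEndpoint {
    param(
        [Parameter(Mandatory)] [string] $HostName,  # the name exactly as the client enters it
        [Parameter(Mandatory)] [int]    $Port       # the server's TLS port (site-specific)
    )
    $seen = @{ Certificate = $null; Errors = $null }
    # Record the certificate and the policy errors .NET computed, then let the
    # handshake complete so the negotiated protocol can be reported as well.
    # The connection is used for inspection only; no application data is sent.
    $callback = {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        if ($certificate) {
            $seen.Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        }
        $seen.Errors = $sslPolicyErrors
        return $true
    }.GetNewClosure()

    $protocol = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $stream    = $tcp.GetStream()
        $validator = [System.Net.Security.RemoteCertificateValidationCallback] $callback
        $ssl = New-Object System.Net.Security.SslStream($stream, $false, $validator)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $protocol = $ssl.SslProtocol.ToString()
        } catch {
            # Typical for a protocol or cipher mismatch between client and server.
            $protocol = 'handshake failed: ' + $_.Exception.GetBaseException().Message
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
    $cert = $seen.Certificate
    if (-not $cert) {
        return [pscustomobject]@{ RequestedName = $HostName; Certificate = 'none received'; Protocol = $protocol }
    }
    $flags = [System.Net.Security.SslPolicyErrors]
    [pscustomobject]@{
        RequestedName = $HostName
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        Expired       = (Get-Date) -gt $cert.NotAfter
        NameMismatch  = $seen.Errors.HasFlag($flags::RemoteCertificateNameMismatch)
        ChainErrors   = $seen.Errors.HasFlag($flags::RemoteCertificateChainErrors)  # untrusted issuer, expiry, etc.
        Protocol      = $protocol
    }
}
# Usage with constructed placeholder names and port: compare the short name with the FQDN.
# 'targit01', 'targit01.example.com' | ForEach-Object { Test-TlsEndpoint -HostName $_ -Port 443 }
```

A result with NameMismatch set to True for one name and False for the other means the certificate is valid only for the second name, so clients must connect using that name.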

Comments

6 comments
  • Hi Targit People,

    Is there a way to update the clients so they "accept"/update the certificate after changing the current one on the server? We changed from a self-signed to an official one, and now the client complains that there is a "new" and an "old" certificate. 

    Is there a way to trigger a certificate update on the client side?

     

    Thanks,

    Florian

    2
  • Hello Targit Community,

    just as a follow-up - in the meantime I realized it was a problem with how I entered the server name. The certificate is for the FQDN, but I only typed the "short" server name our DNS is able to resolve. When I use the FQDN, all is good...

    0
  • The error is generic and there are many reasons why the SSL/TLS negotiation may fail. The ServicePointManager.SecurityProtocol property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing C# socket connections aren't changed. Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work. Also, you have to enable other security protocol versions to resolve this issue:
     
    // requires: using System.Net;
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
         | SecurityProtocolType.Tls
         | SecurityProtocolType.Tls11
         | SecurityProtocolType.Ssl3;
     
    // creating HttpWebRequest after ServicePointManager settings
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/");

    If you create the HttpWebRequest before the ServicePointManager settings, it will fail and show the error message.

     

    0
  • The error message "Could not create SSL/TLS secure channel" typically occurs when there is an issue establishing a secure connection over SSL/TLS protocol. This error can have various causes, but here are a few common ones:

    1. Certificate issues: The server you're trying to connect to may have an invalid or expired SSL/TLS certificate. This can cause the SSL/TLS handshake to fail. Ensure that the server's certificate is valid and trusted.

    2. Protocol mismatch: The client and server may have incompatible SSL/TLS protocol versions or cipher suites configured. Check the protocol and cipher suite settings on both the client and server to ensure they are compatible.

    0
  • 2nd year in a row that we've had issues with this after the Spring time change in the US. For some reason, after the time change, TARGIT seems to get pointed back to old certs rather than the latest cert. Re-pointing to the current, valid cert seems to resolve it. Odd that it happens at the same time each year. The certs are good through Oct, so strange that this happens after the time change in March. No use reporting as a bug as we are using an old (2019) version of ANT Server, but just mentioning it here in the event that others have the same issue.

    0
  • To resolve this issue, try the following steps:
    1. Ensure that the system date and time are set correctly.
    2. Update the .NET Framework to the latest version.
    3. Check that the server's SSL certificate is valid and trusted.
    4. Disable insecure versions of the SSL/TLS protocol.
    5. Add the appropriate TLS/SSL cipher suite to the client configuration.
    6. Enable the TLS/SSL protocol and strong encryption algorithms.
    7. Configure firewall and antivirus settings to allow SSL/TLS connections.

    0
