Could not create SSL/TLS secure channel

Could not create SSL/TLS secure channel

This usually means that you have an invalid or expired certificate on the server. To update your certificate, please follow the below instructions.

  • Locate ssltoolkit.exe within Program Files/TARGIT/ANTServer on the server running the TARGIT Server.

    (update: The toolkit can also be launched from TARGIT Management (only when you are working directly on the TARGIT Server)
    mceclip0.png

  • The highlighted certificate is the currently active certificate.

  • From the File menu, select either
    • Install certificate from Certificate authoririty — locate the certificate file on your computer
    • Create → New self-signed certificate — enter the DNS name for the certificate (usually the pre-filled value).

  • Double-click on the new certificate to activate it.

  • It might me necessary with a restart of the TARGIT Server.
Was this article helpful?
2 out of 2 found this helpful

Comments

4 comments
  • Hi Targit People,

    Is there a way to update the clients so they "accept"/update the certificate after changing the current one on the server? We changed from a self-signed to an official one, and now the client complains that there is a "new" and an "old" certificate. 

    Is there are way to trigger a certificate update on the client side?

     

    Thanks,

    Florian

    2
  • Hello Targit Community,

    just as a follow-up - in the meantime I realized it was a problem with how I entered the server name. The certificate is for the FQDN, but I only typed the "short" server name our DNS is able to resolve. When I use the FQDN, all is good...

    0
  • The error is generic and there are many reasons why the SSL/TLS negotiation may fail. ServicePointManager.SecurityProtocol property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing c# socket connections aren't changed. Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work. Also, you have to enable other security protocol versions to resolve this issue:
     
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
         SecurityProtocolType.Tls
         SecurityProtocolType.Tls11
         SecurityProtocolType.Ssl3;
     
    //createing HttpWebRequest after ServicePointManager settings
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

    If you create HttpWebRequest before the ServicePointManager settings it will fail and shows the error message.

     

    0
  • The error message "Could not create SSL/TLS secure channel" typically occurs when there is an issue establishing a secure connection over SSL/TLS protocol. This error can have various causes, but here are a few common ones:

    1. Certificate issues: The server you're trying to connect to may have an invalid or expired SSL/TLS certificate. This can cause the SSL/TLS handshake to fail. Ensure that the server's certificate is valid and trusted.

    2. Protocol mismatch: The client and server may have incompatible SSL/TLS protocol versions or cipher suites configured. Check the protocol and cipher suite settings on both the client and server to ensure they are compatible. Candy Crush

    0

Please sign in to leave a comment.