1. TARGIT Community
  2. Documentation
  3. Administrator
  4. Error Messages

Could not create SSL/TLS secure channel

Avatar
Niels Thomsen

Could not create SSL/TLS secure channel

 

This usually means that you have an invalid or expired certificate on the server. To update your certificate, please follow the below instructions.

  • Locate ssltoolkit.exe within Program Files/TARGIT/ANTServer on the server running the TARGIT Server.

    (update: The toolkit can also be launched from TARGIT Management (only when you are working directly on the TARGIT Server)
    mceclip0.png

  • The highlighted certificate is the currently active certificate.

  • From the File menu, select either
    • Install certificate from Certificate authoririty — locate the certificate file on your computer
    • Create → New self-signed certificate — enter the DNS name for the certificate (usually the pre-filled value).

  • Double-click on the new certificate to activate it.

  • It might me necessary with a restart of the TARGIT Server.
Was this article helpful?
2 out of 2 found this helpful

Comments

3 comments
Date Votes
  • Avatar
    Florian Benischke

    Hi Targit People,

    Is there a way to update the clients so they "accept"/update the certificate after changing the current one on the server? We changed from a self-signed to an official one, and now the client complains that there is a "new" and an "old" certificate. 

    Is there are way to trigger a certificate update on the client side?

     

    Thanks,

    Florian

    2
  • Avatar
    Florian Benischke

    Hello Targit Community,

    just as a follow-up - in the meantime I realized it was a problem with how I entered the server name. The certificate is for the FQDN, but I only typed the "short" server name our DNS is able to resolve. When I use the FQDN, all is good...

    0
  • Avatar
    warren jonn

    The error is generic and there are many reasons why the SSL/TLS negotiation may fail. ServicePointManager.SecurityProtocol property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing c# socket connections aren't changed. Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work. Also, you have to enable other security protocol versions to resolve this issue:
     
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
         SecurityProtocolType.Tls
         SecurityProtocolType.Tls11
         SecurityProtocolType.Ssl3;
     
    //createing HttpWebRequest after ServicePointManager settings
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

    If you create HttpWebRequest before the ServicePointManager settings it will fail and shows the error message.

     

    0

Please sign in to leave a comment.

Articles in this section