How to fix 'Could not establish trust relationship for the SSL/TLS secure channel'

DM 546 Reputation points
2023-05-10T19:25:06.0666667+00:00

We are trying to establish communication with a regulatory body's server for a specific, valid business process. It works on one of the servers; however, on the other server it shows the message 'The underlying connection was closed. Could not establish trust relationship for the SSL/TLS secure channel'. We tried checking the firewall settings, disabling the antivirus, and checking Windows rights, the .NET Framework, etc.; however, no solution is in sight. The OS on both servers is Windows Server 2012. Please suggest. Thanks.


Accepted answer
  1. Limitless Technology 44,771 Reputation points
    2023-05-18T13:20:12.54+00:00

    Hello,

    Here are the main causes of the “Could not establish trust relationship for the SSL/TLS Secure Channel with Authority” message:

    - Self-signed certificates: These certificates are often generated for free. However, they don’t provide as much trust as commercial certificates.

    - Expired certificates: Most SSL certificates are only valid for a year. Therefore, you’ll need to renew your certificate as it nears its expiration date.

    - Certificates not signed by a trusted Certificate Authority (CA): Like self-signed certificates, a lesser-known certificate provider might not be trusted by every browser.

    - Free SSL certificates: There are a few free CAs, but sometimes their root certificates must be manually imported into your browser to clear the error.

    - Certificates that are missing a chain/intermediate certificate: Most trusted certificates ask you to install at least one other chain/intermediate certificate to link your SSL certificate to a trusted source. However, this process depends on the browser you use. For example, Internet Explorer can automatically download intermediate certificates, but Mozilla Firefox can’t.

    All in all, try to access the same address in a browser using the HTTPS:// prefix in order to show the certificate validity, then depending on your browser click on the "padlock" symbol next to the URL and go to "More Information" or "Certificate Information" in order to find which of the previous causes may be applying here.

    Also, ensure that you are using TLS 1.1 and 1.2, since most of the secure connection services will require this level of encryption in order to allow the communication. TLS 1.0 is considered highly vulnerable and therefore rejected by default.

    You can check TLS 1.2 enablement in the registry on Windows 2012 and 2012R2 as:

    - Press the Windows key + R to start Run, type regedit, and press Enter or click OK.

    - Now go to the following key and check it. If it’s present, the value should be 0:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault

    - Also, check the following key. If you find it, its value should be 1:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\Enabled

    - If you can’t find any of the keys or if their values are not correct, then TLS 1.2 is not enabled.

    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
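
The checks from the answer above, scripted so the output of the working and the failing server can be compared side by side. This is an added example, not part of the original answer: it reads the two TLS 1.2 registry values and attempts a TLS 1.2 handshake while recording how this machine judges the server certificate. The host name `regulator.example.com` is a placeholder assumption; pass the real endpoint with `-HostName`.

```powershell
# Added example (not from the answer). Run on both servers and compare the output.
param(
    [string]$HostName = 'regulator.example.com',  # placeholder (assumption)
    [int]$Port = 443
)

# 1. TLS 1.2 client registry values named in the answer.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
foreach ($name in 'DisabledByDefault', 'Enabled') {
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($prop) { '{0} = {1}' -f $name, $prop.$name } else { '{0} is not present' -f $name }
}

# 2. TLS 1.2 handshake. The callback records this machine's verdict on the
#    server certificate and keeps normal validation (no error is ignored).
$seen = @{}
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($src, $crt, $chn, $err)
    $seen.Cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($crt)
    $seen.Errors = $err
    if ($chn) { $seen.Chain = @($chn.ChainStatus) }
    $err -eq [System.Net.Security.SslPolicyErrors]::None
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($HostName, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
    'Handshake succeeded with {0}' -f $ssl.SslProtocol
} catch {
    'Handshake failed: {0}' -f $_.Exception.GetBaseException().Message
} finally {
    $tcp.Close()
}

# 3. Certificate details as seen from this server.
if ($seen.Cert) {
    'Subject : {0}' -f $seen.Cert.Subject
    'Issuer  : {0}' -f $seen.Cert.Issuer
    'Expires : {0}' -f $seen.Cert.NotAfter
    'Policy errors: {0}' -f $seen.Errors
    # UntrustedRoot = self-signed or untrusted CA, NotTimeValid = expired,
    # PartialChain = missing chain/intermediate certificate.
    foreach ($s in $seen.Chain) { '  {0}: {1}' -f $s.Status, $s.StatusInformation.Trim() }
}
```

If the handshake fails before any certificate details are printed, the protocol settings from step 1 are the place to look; if details are printed with policy errors, the chain status lines point to the certificate cause.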
