"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel" and "The remote certificate is invalid according to the validation procedure" on just 1 server?

Toriyama 286 Reputation points
2023-04-11T09:02:20.1066667+00:00

There is an API and this API in .NET C# gives this error: "System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Unable to establish trust for SSL/TLS secure channel. -- -> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure." Is it a problem with the certificate? Can I solve this by code? It always worked and now we have this error. What can it be?

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,946 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
11,110 questions
ASP.NET API
ASP.NET API
ASP.NET: A set of technologies in the .NET Framework for building web applications and XML web services.API: A software intermediary that allows two applications to interact with each other.
348 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Toriyama 286 Reputation points
    2023-04-19T14:21:48.7933333+00:00

    The answer to this type of problem is simple.

    1. The API needs to go to some service, website, right? Enter this and click on the url and go to the certificate that is an option in the browser. You can download.
    2. Enter the server with error and import this certificate into the server's certificates.
    3. Everything ok and no need to change code.
    3 people found this answer helpful.

  2. Bruce (SqlWork.com) 68,236 Reputation points
    2023-04-19T15:39:48.2266667+00:00

    you should probably fix the certificate rather than code around. coding around the issue, will allow man in middle attacks.

    most likely the certificate has expired. you can hit the website with a browser to see the certificate and determine the actual issue.

    2 people found this answer helpful.
    0 comments No comments

  3. RaytheonXie_MSFT 36,651 Reputation points Microsoft Vendor
    2023-04-12T06:10:08.9666667+00:00

    Hi @Toriyama ,

    You can try following code to fix this issue

    System.Net.ServicePointManager.ServerCertificateValidationCallback = (senderX, certificate, chain, sslPolicyErrors) => { return true; };
    
    

    Here is a similar issue with yours, please make a reference

    https://stackoverflow.com/questions/4492735/webexception-could-not-establish-trust-relationship-for-the-ssl-tls-secure-chann

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

  4. RaytheonXie_MSFT 36,651 Reputation points Microsoft Vendor
    2023-04-21T01:22:50.9366667+00:00

    Hi @Toriyama ,

    I'm glad to hear you solve the problem ,if you have any issue about SharePoint, you are welcome to raise a ticket in this forum.

    By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others." and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:

    Issue Symptom:

    "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel" and "The remote certificate is invalid according to the validation procedure" on just 1 server

    Solution:

    1. The API needs to go to some service, website. Enter this and click on the url and go to the certificate that is an option in the browser. You can download.
    2. Enter the server with error and import this certificate into the server's certificates.

    You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community member's to see the useful information when reading this thread. Thanks for your understanding!

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.