MS Graph subscription API is throwing 400 Bad request with TLS/SSL secure channel

Question

In our service, we have subscribed to MS Graph for change notification to fetch the emails from outlook whenever there are new emails. We were calling the subscription API to renew all the subscription everyday to get the new notification for any new emails. Below is the API and payload: POST https://graph.microsoft.com/beta/subscriptions HTTP/1.1
Host: graph.microsoft.com
SdkVersion: Graph-dotnet-1.21.0
FeatureFlag: 0000004F
Cache-Control: no-store, no-cache Authorization: Bearer {Token} Accept-Encoding: gzip
Content-Type: application/json
Content-Length: 345   Body: {"resource":"users/{AzureUserId}/messages","changeType":"created","clientState":"B84CF737116839706F4F42D23F01D69CB171CB6CB522829C196C8A9B13BF6EEA","notificationUrl":"https://xyz.activequote.com/api/maillistener","expirationDateTime":"2024-01-30T15:03:50.2522574+00:00","@odata.type":"microsoft.graph.subscription"} Response: {"error":{"code":"InvalidRequest","message":"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.","innerError":{"date":"2024-01-29T15:05:48","request-id":"7ccb1bf5-e26a-4336-be05-4a6761d9f7da","client-request-id":"7ccb1bf5-e26a-4336-be05-4a6761d9f7da"}}} Until 21st January, everything was working fine and all of a sudden after that, we are getting this TLS/SSL secure channel Bad Request error while calling this API.

Can you please help?

Answer 1

Hello @Riddhi Jadeja As indicated by the error message, this issue is caused by an inactive, invalid or broken notification url.
is this "*https://xyz.activequote.com/api/maillistener*" the real url ?

could you also ensure the SSL certificate validation of app where your endpoint is hosted ?

I hope this helps. If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.