Verify certification dependencies for plug-ins making outbound calls
Category: Maintainability, Supportability
Impact potential: High
Symptoms
You may get this error when your plug-in makes an https call to an external resource:
WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Guidance
You should verify that the site you want to connect with has a valid chain of certificates. Use one of the online test tools such as Qualys SSL Labs SSL Server Test to verify that the site provides a valid chain of certificates.
Additional information
You may encounter this when connecting to a new endpoint for the first time or when something about the certificate has changed.
When the code in your plug-in running in the sandbox attempts to connect to an external endpoint using https, the Dataverse Sandbox will start SSL/TLS negotiation. The endpoint presents a certificate to use for encryption. If the certificate has one or more intermediate certificates it must present the entire chain to successfully complete SSL/TLS negotiation. If the complete chain is not presented SSL/TLS communication cannot be established.
For more information about requirements, see Server cipher suites and TLS requirements.
See also
Write a plug-in
Set KeepAlive to false when interacting with external hosts in a plug-in
Set Timeout when making external calls in a plug-in