Submit a ticketCall us

WebinarUpcoming Webinar: Easily Automate Backups and Simplify Log Message Management

Backing up your network configuration and logging data are a few steps to helping keep your network safe. In this in-depth webinar, we’ll show you how these tasks can be automated to save your IT team time while maintaining accurate archives of your data.

Register now.

Home > Success Center > Network Performance Monitor (NPM) > Error: The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel

Error: The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel

Updated December 11th, 2017


This article describes the issue when you try to export data, graphs, tables, or reports from the Orion Web Console and it throws the error message:

The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel.

If you check the core.businesslayer.log file, you could see the error message:

2017-09-07 17:28:35,094 [37] ERROR ReportingLogger - Action [Action: ID: 248, ActionType: SaveToDisk, Title: CSV - E:\RSA\REPORTS, Description: Save To Disk selected report in a specified format (CSV, PDF, or XLS), Enabled: True, Order: 1 , Context: EnviromentType: Reporting, for Account admin] execution has failed.
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.



  • All Orion Core Platform
  • All versions of Orion products


The issue occurs when the Orion Web Console is using HTTPS with SSL and the Certificate path has an invalid certificate or it is not imported into the Trusted Root Certificate Authorities Store.


Another cause for this error is when the CNAME or URL String does not match the CN on the SSL Certificate. We also store this hostname in the [dbo].Websites table in the Orion database. 


  1. Go to the Orion server and go to Start > Administrative Tools > Internet Information Service (IIS) Manager.
  2. Expand the Application Pool, then Sites, and right-click on the SolarWinds NetPerfMon website and select Edit bindings.
  3. Click the type HTTPS Port 443 and choose Edit.
  4. In the Add Site Binding window, go to the SSL Certificate, and click on Select or view to view the Certificate.
  5. Go to the General Tab to see if there are any statements or purposes listed, if there are none and these messages appear: "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store" or "This certificate cannot be verified up to the trusted certification authority" the certificate is not trusted.
  6. The certificate needs to be imported into the proper store, do this by going to Start > Search MMC.exe > click File > select Add/Remove Snap-in... > Select Certificates, click Add, choose Computer Account, click Next and choose Local computer and Finish > click Ok.
  7. Go to the store where the certificate is not trusted is located, selected it and right-click to go to All Tasks to Export.
  8. Go to the store, in this case, the Trusted Root Certification Authorities store, right-click, choose All Tasks and select Import, and select the certificate.
  9. Go back to Internet Information Services (IIS) Manager and restart the website.




For the second scenario, try setting the websites.ServerName entry to the FQDN.

ie) ServerName =





Last modified