Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Network Performance Monitor (NPM) > Error: The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel

Error: The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel

Created by James Fahey, last modified by Chris Klinedinst on Dec 11, 2017

Views: 13,685 Votes: 9 Revisions: 6

Overview

This article describes the issue when you try to export data, graphs, tables, or reports from the Orion Web Console and it throws the error message:

The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel.

If you check the core.businesslayer.log file, you could see the error message:

2017-09-07 17:28:35,094 [37] ERROR ReportingLogger - Action [Action: ID: 248, ActionType: SaveToDisk, Title: CSV - E:\RSA\REPORTS, Description: Save To Disk selected report in a specified format (CSV, PDF, or XLS), Enabled: True, Order: 1 , Context: EnviromentType: Reporting, for Account admin] execution has failed.
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

 

Environment

  • All Orion Core Platform
  • All versions of Orion products

Cause 

The issue occurs when the Orion Web Console is using HTTPS with SSL and the Certificate path has an invalid certificate or it is not imported into the Trusted Root Certificate Authorities Store.

 

Another cause for this error is when the CNAME or URL String does not match the CN on the SSL Certificate. We also store this hostname in the [dbo].Websites table in the Orion database. 

Resolution

  1. Go to the Orion server and go to Start > Administrative Tools > Internet Information Service (IIS) Manager.
  2. Expand the Application Pool, then Sites, and right-click on the SolarWinds NetPerfMon website and select Edit bindings.
  3. Click the type HTTPS Port 443 and choose Edit.
  4. In the Add Site Binding window, go to the SSL Certificate, and click on Select or view to view the Certificate.
  5. Go to the General Tab to see if there are any statements or purposes listed, if there are none and these messages appear: "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store" or "This certificate cannot be verified up to the trusted certification authority" the certificate is not trusted.
  6. The certificate needs to be imported into the proper store, do this by going to Start > Search MMC.exe > click File > select Add/Remove Snap-in... > Select Certificates, click Add, choose Computer Account, click Next and choose Local computer and Finish > click Ok.
  7. Go to the store where the certificate is not trusted is located, selected it and right-click to go to All Tasks to Export.
  8. Go to the store, in this case, the Trusted Root Certification Authorities store, right-click, choose All Tasks and select Import, and select the certificate.
  9. Go back to Internet Information Services (IIS) Manager and restart the website.

 

Links:

https://technet.microsoft.com/en-us/...(v=ws.10).aspx

http://www.iis.net/learn/manage/conf...ssl-on-iis#SSL

 

For the second scenario, try setting the websites.ServerName entry to the FQDN.

ie) ServerName = server1.name.tld

 

 

 

 

Last modified

Tags

Classifications

Public