Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Network Performance Monitor (NPM) > Error: The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel

Error: The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel

Created by James Fahey, last modified by Travis.Hebbert on Sep 07, 2017

Views: 4,871 Votes: 8 Revisions: 5


This article describes the issue when you try to export data, graphs, tables, or reports from the Orion Web Console and it throws the error message:

The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel.

If you check the core.businesslayer.log file, you could see the error message:

2017-09-07 17:28:35,094 [37] ERROR ReportingLogger - Action [Action: ID: 248, ActionType: SaveToDisk, Title: CSV - E:\RSA\REPORTS, Description: Save To Disk selected report in a specified format (CSV, PDF, or XLS), Enabled: True, Order: 1 , Context: EnviromentType: Reporting, for Account admin] execution has failed.
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.



  • All Orion Core Platform
  • All versions of Orion products


The issue occurs when the Orion Web Console is using HTTPS with SSL and the Certificate path has an invalid certificate or it is not imported into the Trusted Root Certificate Authorities Store.


Another cause for this error is when the websites.ServerName entry does not match the domain covered by a wildcard SSL certificate.  ie) ServerName = server1, and the SSL certificate is for *.name.tld


  1. Go to the Orion server and go to Start > Administrative Tools > Internet Information Service (IIS) Manager.
  2. Expand the Application Pool, then Sites, and right-click on the SolarWinds NetPerfMon website and select Edit bindings.
  3. Click the type HTTPS Port 443 and choose Edit.
  4. In the Add Site Binding window, go to the SSL Certificate, and click on Select or view to view the Certificate.
  5. Go to the General Tab to see if there are any statements or purposes listed, if there are none and these messages appear: "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store" or "This certificate cannot be verified up to the trusted certification authority" the certificate is not trusted.
  6. The certificate needs to be imported into the proper store, do this by going to Start > Search MMC.exe > click File > select Add/Remove Snap-in... > Select Certificates, click Add, choose Computer Account, click Next and choose Local computer and Finish > click Ok.
  7. Go to the store where the certificate is not trusted is located, selected it and right-click to go to All Tasks to Export.
  8. Go to the store, in this case, the Trusted Root Certification Authorities store, right-click, choose All Tasks and select Import, and select the certificate.
  9. Go back to Internet Information Services (IIS) Manager and restart the website.




For the second scenario, try setting the websites.ServerName entry to the FQDN.

ie) ServerName =





Last modified
16:49, 7 Sep 2017