Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > Error: The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel

Error: The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel

Created by James Fahey, last modified by Alexis Pasao on Sep 26, 2018

Views: 27,211 Votes: 10 Revisions: 9

Updated September 21, 2018

Overview

This article describes the issue when you try to export data, graphs, tables, or reports from the Orion Web Console and it throws the error message:

The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel.

If you check the core.businesslayer.log file, you could see the error message:

2017-09-07 17:28:35,094 [37] ERROR ReportingLogger - Action [Action: ID: 248, ActionType: SaveToDisk, Title: CSV - E:\RSA\REPORTS, Description: Save To Disk selected report in a specified format (CSV, PDF, or XLS), Enabled: True, Order: 1 , Context: EnviromentType: Reporting, for Account admin] execution has failed.
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

 

Environment

  • All Orion Core Platform
  • All versions of Orion products

Cause 

The issue occurs when the Orion Web Console is using HTTPS with SSL and the Certificate path has an invalid certificate or it is not imported into the Trusted Root Certificate Authorities Store.

 

Another cause for this error is when the CNAME or URL String does not match the CN on the SSL Certificate. We also store this hostname in the [dbo].Websites table in the Orion database. 

Resolution

  1. Go to the Orion server and go to Start > Administrative Tools > Internet Information Service (IIS) Manager.
  2. Expand the Application Pool, then Sites, and right-click on the SolarWinds NetPerfMon website and select Edit bindings.
  3. Click the type HTTPS Port 443 and choose Edit.
  4. In the Add Site Binding window, go to the SSL Certificate, and click on Select or view to view the Certificate.
  5. Go to the General Tab to see if there are any statements or purposes listed if there are none and these messages appear: "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store" or "This certificate cannot be verified up to the trusted certification authority" the certificate is not trusted.
  6. The certificate needs to be imported into the proper store, do this by going to Start > Search MMC.exe > click File > select Add/Remove Snap-in... > Select Certificates, click Add, choose Computer Account, click Next and choose the Local computer and Finish > click Ok.
  7. Go to the store where the certificate is not trusted is located, selected it and right-click to go to All Tasks to Export.
  8. Go to the store, in this case, the Trusted Root Certification Authorities store, right-click, choose All Tasks and select Import, and select the certificate.
  9. Go back to Internet Information Services (IIS) Manager and restart the website.

 

Links:

https://technet.microsoft.com/en-us/...(v=ws.10).aspx

(content provided by Microsoft TechNet, available at https://technet.microsoft.com, obtained on August 21, 2018).

http://www.iis.net/learn/manage/conf...ssl-on-iis#SSL 

(content provided by Saad Laaki, available at https://www.iis.net, obtained on August 21, 2018).

 

For the second scenario, try setting the websites.ServerName entry to the FQDN.

ie) ServerName = server1.name.tld

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third-party content at your own risk, and you will be solely responsible for the incorporation of the same if any.

 

 

Suggested tags: Report, SSL, Certificate

 

Reason for Rework or Feedback from Technical Content Review: 

There's a known issue when upgrading to SAM 6.3 with HTTPS monitors having these errors. Currently tracked under SAM-4538. Please submit a bug case to jira if you run into this.

Last modified

Tags

Classifications

Public