Comments on: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

By: Alexandre Ponso

Alexandre Ponso — Tue, 13 Mar 2012 19:09:15 +0000

Worked for me too. thanks.

By: Carl

Carl — Mon, 13 Feb 2012 02:20:04 +0000

Using Go Daddy certificates?

When you look at the Go Daddy Certification Path of that certificate on the web server, do you see Go Daddy Class xxx or Starfield Class xxx ?

And from your non-legacy client i.e Windows Vista upwards, what does the Go Daddy Certification Path display? Go Daddy Class xxx or Starfield Class xxx ?

And these clients that get the warning, are they legacy clients? i.e WinXP and older?

Root Certificate updates works differently as of Windows Vista.

http://support.microsoft.com/kb/931125

Root certificates on Windows Vista and later are distributed via the automatic root update mechanism ? that is, per root certificate. When a user visits a secure Web site (by using HTTPS SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks Microsoft Update for the root certificate. If it finds it, it downloads the current Certificate Trust List (CTL) containing the list of all trusted root certificates in the Program, and verifies that the root certificate is listed there; it then downloads the specified root certificate to the system and installs it in the Windows Trusted Root Certification Authorities Store.

You’ll probably find that your Go Daddy Certification Path on the web server thinks it’s Starfield Class 2 instead of Go Daddy Class 2 so you installed the wrong root certificate. It caught me out as when you view in on the web server it doesn’t display a root certificate warning, download and install the Do Daddy class 2 root cert and remove the Starfield one and your problem should dissapear.

By: Ravi

Ravi — Thu, 05 Jan 2012 18:00:49 +0000

Thanks. work like a charm..

By: Jarosław Dobrzański

Jarosław Dobrzański — Mon, 26 Dec 2011 14:00:13 +0000

Terence, have you followed suggestions from my post? Also, from the top of my head, have you tried making the certificate trusted? This can be done with Certificates MMC Snap-in.

Jarek

By: karthik

karthik — Thu, 22 Dec 2011 09:50:40 +0000

Thanks for the code, You are the champ and your code worked like a charm…

By: terence chua

terence chua — Wed, 14 Dec 2011 15:16:47 +0000

Just wish to check, my development application as client is function well when the server is connect to http web service.

now i try to move to other environment which having setup of https (or ssl). then i hit the error below:-

“The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel”

I already install the certificate provided by the web service. I try to use SOAPUI as tools to check it working fine from my client to the server. but my application just not work.

need help urgently. thanks a lot

By: Asif

Asif — Mon, 24 Oct 2011 07:47:59 +0000

Thanks for this great piece of code, it save my lot of time.

By: Donald

Donald — Fri, 08 Jul 2011 16:22:25 +0000

Thanks, and to Lee Oades as well. I had to use his code to get it working.

By: vicky

vicky — Mon, 20 Jun 2011 08:47:51 +0000

Implementing this solution does solve the issue, but now i am not sure of thefact, whether we are bypassing certification check of our SMTP server or server which is receiving the mail.

Essentially i am trying to send mail using (TLS) within a webpart embded in SharePoint environment.

Any pointers on security risks, involved??

By: kabs

kabs — Thu, 12 May 2011 10:39:04 +0000

Thank u very much.Fixed my issue.