Skip to main content
Dynamics 365 Community / Forums / Finance forum / Could not establish tr...
Finance forum
Suggested answer

Could not establish trust relationship for the SSL/TLS secure channel

editSubscribe (1) ShareShare
ReportReport
Posted on by 8
Hi everyone,
I am trying to call an external web API in d365fo x++ but I am getting an error when I pass the server url and header parameters. The error message is /The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel./ I am wondering if anyone has encountered this error before and knows how to fix it.
Here is my code for calling the external API:
 
 
       System.Net.HttpWebRequest request;
        System.IO.Stream stream;
        System.Exception sysEx;
        System.Net.ServicePointManager::SecurityProtocol=System.Net.SecurityProtocolType::Tls12;
   
        request = System.Net.WebRequest::Create(/url/) as System.Net.HttpWebRequest;
        request.Method = 'POST';
        request.ContentType = 'application/json';
        // Set the request headers
        System.Net.WebHeaderCollection headerCollection = request.Headers;
        headerCollection.Set('Authorization', 'Bearer XXXXXXXXXXXXX');
        var utf8 = System.Text.Encoding::get_UTF8();
  
        // Set the request body
        var byteArrayPayload = utf8.GetBytes(/string value/);
     
     
        try
        {
            // send out the payload
            using (System.IO.Stream dataStream = request.GetRequestStream())
            {
                dataStream.Write(byteArrayPayload, 0, byteArrayPayload.Length);
            }
            using (System.Net.HttpWebResponse response = request.GetResponse() as System.Net.HttpWebResponse)
            {
           
                stream = response.GetResponseStream();
                System.IO.StreamReader reader = new System.IO.StreamReader(stream);
                str responseBody = reader.ReadToEnd();
            }
        }
        catch (sysEx)
        {
            throw;
        }
 
  • Could not establish trust relationship for the SSL/TLS secure channel
    It seems like you're encountering an SSL/TLS certificate validation issue when trying to call an external web API from D365FO X++. This error typically occurs when the client application doesn't trust the SSL certificate presented by the server.
    To resolve this, you can try the following steps:
    1. **Ensure Trustworthy Certificate**: Make sure that the SSL certificate presented by the server is issued by a trusted Certificate Authority (CA) and is not expired or revoked.
    2. **Update Security Protocol**: You've already set the `SecurityProtocol` to `Tls12`, which is good practice. However, you might also need to set `System.Net.ServicePointManager::ServerCertificateValidationCallback` to a custom validation method if you're using a self-signed certificate or have specific certificate validation requirements.
    3. **Check Proxy Settings**: If your network uses a proxy, ensure that the proxy settings are correctly configured to allow the communication between your application and the external API.
    4. **Verify URL**: Double-check the URL you are using to make sure it's correct and accessible from your network environment.
    5. **Inspect Headers and Payload**: Ensure that the headers and payload you're sending are correctly formatted and match the API's requirements.
    6. **Debugging**: Try to capture more detailed information about the error by logging on video editor or debugging the SSL handshake process to identify the exact cause of the issue.
    Here's a modified version of your code incorporating some of these suggestions:
    ```x++
    try
    {
        // Send out the payload
        using (System.IO.Stream dataStream = request.GetRequestStream())
        {
            dataStream.Write(byteArrayPayload, 0, byteArrayPayload.Length);
        }
        // Get the response
        using (System.Net.HttpWebResponse response = request.GetResponse() as System.Net.HttpWebResponse)
        {
            stream = response.GetResponseStream();
            System.IO.StreamReader reader = new System.IO.StreamReader(stream);
            str responseBody = reader.ReadToEnd();
        }
    }
    catch (System.Net.WebException ex)
    {
        // Log or handle the exception
        str errorMessage = ex.ToString();
        throw error(errorMessage);
    }
    ```
    This code block catches the `WebException` specifically, which includes detailed information about the underlying SSL/TLS error. You can log or handle this exception to get more insights into the problem.
    Remember to replace `error(errorMessage)` with the appropriate error handling mechanism in your application.
    If the issue persists after trying these steps, you might need to consult with your network administrator or the provider of the external API for further assistance.
  • Could not establish trust relationship for the SSL/TLS secure channel
    Unable to establish a trust relationship for the SSL/TLS secure channel. The error message, "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel," typically points to an SSL/TLS certificate trust problem. To address this issue in D365FO X++, ensure the SSL/TLS certificate is trusted, new update root certificates, verify system date/time, include the root certificate in trusted authorities, and review URL, firewall/proxy settings, and the .NET Framework version. If the issue persists, reach out to the API provider for specific assistance.
  • Could not establish trust relationship for the SSL/TLS secure channel
    Unable to establish a trust relationship for the SSL/TLS secure channel. The error message, "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel," typically points to an SSL/TLS certificate trust problem. To address this issue in D365FO X++, ensure the SSL/TLS certificate is trusted, ex astris mod apk download new update root certificates, verify system date/time, include the root certificate in trusted authorities, and review URL, firewall/proxy settings, and the .NET Framework version. If the issue persists, reach out to the API provider for specific assistance.
  • Could not establish trust relationship for the SSL/TLS secure channel
    First, ensure the SSL certificate presented by the server is valid and trusted. Check the system date and time, update root certificates, and verify firewall/proxy settings. If confident in the certificate's validity, you can explicitly trust it, though it's generally not recommended without certainty. Tools like fm Fiddler or Wireshark can aid diagnosis by intercepting network traffic.
  • Suggested answer
    Could not establish trust relationship for the SSL/TLS secure channel
     When you try to use an external web API in D365FO X++, you receive an SSL/TLS trust relationship error. This is usually caused by a mismatch between the SSL certificate supplied by the server and the client's expectations. To fix this, confirm that your system trusts the SSL certificate and that the server URL is accurate. New Update Confirm that the Security Protocol Type matches the server's SSL/TLS version, then double-check the Authorization header for correct credentials. By analyzing and modifying these settings, you may properly troubleshoot and resolve the SSL/TLS trust relationship problem.
  • Could not establish trust relationship for the SSL/TLS secure channel
    thanks you're doing good job. Encountering an SSL/TLS trust relationship error in D365FO X++ when calling an external web API often results from disparities between the server's SSL certificate and client expectations. To resolve this issue, validate the SSL certificate's validity and trust on your system, and ensure the accuracy of the server URL.
  • Suggested answer
    Could not establish trust relationship for the SSL/TLS secure channel
    You're encountering an SSL/TLS trust relationship error when attempting to call an external web API in D365FO X++. This commonly happens due to a discrepancy between the SSL certificate presented by the server and the client's expectations. To address this, ensure the SSL certificate is valid and trusted by your system, and verify the correctness of the server URL. Confirm that the SecurityProtocolType aligns with the server's SSL/TLS version and double-check the Authorization header for accurate credentials. By reviewing and adjusting these aspects, you can troubleshoot and resolve the SSL/TLS trust relationship error effectively.
  • Could not establish trust relationship for the SSL/TLS secure channel

    It seems like you are encountering an SSL/TLS trust issue while calling the external web API in Dynamics 365 Finance and Operations using X++. To resolve the SSL/TLS trust relationship error, you can try the following adjustments:

    Update your code to explicitly set the security protocol to TLS 1.2 before making the web request. Add the following line before creating the web request:

    System.Net.ServicePointManager::SecurityProtocol = System.Net.SecurityProtocolType::Tls12;

    Adjust the end of your paragraph to include the relevance:

    "Additionally, for a seamless integration of Dynamics 365 Finance and Operations with external APIs, make sure to handle SSL/TLS trust relationship issues by setting the appropriate security protocol, as demonstrated in the code snippet. This ensures a secure and reliable connection when utilizing features such as the ability to record and edit videos on mobile within your Dynamics 365 environment."

  • Could not establish trust relationship for the SSL/TLS secure channel
    Unable to establish a trust relationship for the SSL/TLS secure channel. The error message, "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel," typically points to an SSL/TLS certificate trust problem. To address this issue in D365FO X++, ensure the SSL/TLS certificate is trusted, new update root certificates, verify system date/time, include the root certificate in trusted authorities, and review URL, firewall/proxy settings, and the .NET Framework version. If the issue persists, reach out to the API provider for specific assistance.
  • Could not establish trust relationship for the SSL/TLS secure channel
    the error you're encountering, "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel," suggests an issue with the SSL certificate validation for the server you're trying to connect to. To resolve this, you can adjust your code to handle SSL/TLS certificate validation more flexibly. Here's an updated version of your code:
     
    System.Net.HttpWebRequest request;
    System.IO.Stream stream;
    System.Exception sysEx;
    // Set the security protocol to handle Tls12
    System.Net.ServicePointManager::SecurityProtocol = System.Net.SecurityProtocolType::Tls12;
    try
    {
        // Create the request
        request = System.Net.WebRequest::Create("url") as System.Net.HttpWebRequest;
        request.Method = 'POST';
        request.ContentType = 'application/json';
        // Set the request headers
        System.Net.WebHeaderCollection headerCollection = request.Headers;
        headerCollection.Set('Authorization', 'Bearer XXXXXXXXXXXXX');
        // Set the request body
        var utf8 = System.Text.Encoding::get_UTF8();
        var byteArrayPayload = utf8.GetBytes("string value");
        // Disable SSL certificate validation
        ServicePointManager::ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(CertificateValidationCallBack);
        // Send out the payload
        using (System.IO.Stream dataStream = request.GetRequestStream())
        {
            dataStream.Write(byteArrayPayload, 0, byteArrayPayload.Length);
        }
        // Get and read the response
        using (System.Net.HttpWebResponse response = request.GetResponse() as System.Net.HttpWebResponse)
        {
            stream = response.GetResponseStream();
            System.IO.StreamReader reader = new System.IO.StreamReader(stream);
            str responseBody = reader.ReadToEnd();
        }
    }
    catch (sysEx)
    {
        throw sysEx;
    }
    // Function to handle certificate validation
    public static boolean CertificateValidationCallBack(Object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
                                                        System.Security.Cryptography.X509Certificates.X509Chain chain,
                                                        System.Net.Security.SslPolicyErrors sslPolicyErrors)
    {
        return true; // Accept all certificates
    }

     
    In this modification, I added a callback function CertificateValidationCallBack that always returns true to accept all certificates. This approach is less secure as it bypasses SSL certificate validation, so use it cautiously. If possible, try to address the certificate issue on the server side for a more secure solution. All you can access through XNXubd VPN Browser Latest Version.

Helpful resources

Quick Links

What Motivates a Super User?

We know many of you visit the Dynamics 365 Community and Power Platform…

Demystifying Copilot with Georg Glantschnig…

Industry experts answer burning questions directly from our amazing Community…

Setting Up Knowledge Sources for Copilot…

Look at how configuring a comprehensive knowledge base is crucial…

Leaderboard

#1
Andre Arnaud de Calavon Profile Picture

Andre Arnaud de Cal... 283,045 Super User

#2
Martin Dráb Profile Picture

Martin Dráb 222,570 Super User

#3
nmaenpaa Profile Picture

nmaenpaa 101,138

Product updates

Dynamics 365 release plans