![Picture1-1.png]](https://faqs.safetynetsolutions.co.uk/hs-fs/hubfs/Picture1-1.png?height=18&name=Picture1-1.png){kind=small}
-
Resolving the "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel" error- Add as a Trusted Site or Application. SKYVISITOR is a secure application
This error indicates that the client application (e.g., your browser, or another program) is unable to establish a secure connection with a server because it doesn't trust the server's SSL/TLS certificate. This lack of trust is often referred to as an "SSL/TLS handshake failure".
Here's a breakdown of common causes and troubleshooting steps to resolve this issue:
1. Underlying causes
- Self-signed or Untrusted Certificate: The server may be using a self-signed certificate, or the certificate was issued by a Certificate Authority (CA) not inherently trusted by your system.
- Expired Certificate: Certificates have a limited validity period. If the certificate has expired, the client will reject it.
- Certificate Name Mismatch: The domain name in the certificate doesn't match the URL being accessed (e.g., trying to access example.com but the certificate is for www.example.com).
- Missing Intermediate Certificate: The server might not be providing the full certificate chain, meaning the intermediate certificates needed to link it back to a trusted root certificate are missing or incorrectly configured.
- Incorrect Date and Time: An inaccurate system clock can lead to validation failures, as the system may incorrectly perceive the certificate as expired or not yet valid.
- Outdated Software: Older browsers or operating systems might lack support for the latest TLS protocols (like TLS 1.2 or 1.3), resulting in connection failures.
- Interference from Security Software: Antivirus programs, firewalls, VPNs, or network filters can sometimes interfere with SSL/TLS handshakes, leading to connection issues.
2. Troubleshooting steps
- Check the Certificate Errors: Examine the certificate details provided by your browser or application. Look for errors related to expiration, unknown issuer, or domain mismatch.
- Verify Date and Time: Ensure your system's date and time are accurate and set to automatically synchronize, if possible.
- Update Software: Update your operating system, browser, and security software (antivirus, firewall, etc.) to the latest versions.
- Test with a Different Browser or Device: Try accessing the problematic URL using a different browser or device to see if the issue is client-specific.
- Check Network/Proxy Settings: Review your firewall, proxy server, and VPN settings, temporarily disabling them if necessary, to rule out interference.
- Use an SSL Checker Tool: Online tools like SSL Labs can help diagnose certificate issues independently of your browser, providing insights into the certificate's validity and configuration.
3. Potential solutions based on the root cause
- For Untrusted or Self-Signed Certificates:
- Add Certificate to Trusted Store: If the certificate is from a trusted source (e.g., an internal network), manually add it to your system's trusted root certificates store.
- Obtain a CA-Signed Certificate: For public-facing websites, obtain an SSL certificate from a recognized and trusted Certificate Authority (CA).
- For Expired Certificates: Renew the SSL certificate with your CA or hosting provider.
- For Certificate Name Mismatch: Obtain a new certificate that covers both the "www" and non-www versions of your domain, or configure your website to redirect accordingly.
- For Missing Intermediate Certificates: Ensure all intermediate certificates in the chain are correctly installed on the server.
- For Outdated TLS Protocols: Ensure that TLS 1.2 and 1.3 are enabled in your browser or application settings, says Microsoft Learn.
- For Antivirus/Firewall Interference: Configure your security software to allow SSL/TLS connections to the specific URL, or temporarily disable inspection features.
Remember to restart your browser or computer after making any changes to ensure the new settings are applied.