Could not establish trust relationship for the SSL/TLS secure channel Error
Sample Error
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

OR

The remote certificate is invalid according to the validation procedure
Solution or Workaround
If your website, Asp.Net application, or PDshop encounters one of the above error messages while trying to communicate with another server or API, you may need to Contact Us for help.  These errors often indicate that the web server hosting your site does not support one or more modern Protocols, Ciphers, Hashes, or Key Exchanges.  This can be a sign that your hosting server is an older server that needs to be updated, or it's settings need adjustment.

In order to establish remote SSL or TLS connections, your web server should support the following:

TLS Protocols that should be enabled:
TLS 1.0
TLS 1.1
TLS 1.2

Ciphers that should be enabled:
Triple DES 168
AES 128/128
AES 256/256

Hashes that should be enabled:
MD5
SHA
SHA 256
SHA 384
SHA 512

Key Exchanges that should be enabled:
PKCS
ECDH

Because resolving errors related to TLS/SSL can be complex, please contact our IT Services team for help.
Related Articles
Other Resources
Related Topics
Search for help...

IMPORTANT

IMPORTANT update for 2019. All users should install the Latest Update for 2019. If you are using 10.067 or earlier, you need to update to 10.068 or higher.