‘Could not establish secure channel for SSL/TLS with authority


Question from the user

Details on the problem:

The SharePoint Webpart consumes the WCF Service ‘xxxx?wsdl’. Only TLS1.2 is supported by this WCF service. When we make a request, we get the following error:

‘Could not establish secure channel for SSL/TLS with authority

Please keep in mind that from the UAT environment, the same Production WCF URL ‘xxxx’ works perfectly. This problem occurs only on the Production server.

User conducted the following analysis:

1. I’ve double-checked the .NET Framework settings. 4.5.2 is the version on the server (it’s Windows Server 2012, so by default we have 4.5.2; TLS 1.2 is supported only in 4.5 or later).

2. I’ve double-checked that Ciphers and Required are enabled (Compared UAT and Prod both are same)

3. TLS 1.0/1.1/1.2 client and server enabled (Verified from RegEdit, UAT and Prod both are same)

4. We use the same application code in UAT and Production.

5. In Production, we attempted to make a request using OpenSSL; nevertheless, the request was successful and error-free while utilising TLS1.2.

6. Every time we changed the Ciphers or TLS settings, we had to restart the servers.

The user compared the ciphers, TLS, and framework settings on both the UAT and Production servers and found that they are identical. However, we are able to consume the WCF service from UAT, but the Production application is throwing an error.

Here is the solution for ‘Could not establish secure channel for SSL/TLS with authority

When SharePoint communicates with an external service over HTTPS, either on the same server or on a different server, you may receive one of the following errors:

“Could not establish trust relationship for the SSL/TLS secure channel, or Remote certificate is invalid according to the validation procedure, or An operation failed because the following certificate has validation errors”

The typical scenario is that a SharePoint 2010/2013 custom component calls a WCF service over HTTPS on the same or a separate server. The error occurs because SharePoint uses its own certificate validation policy, which overrides .NET certificate validation.

Setting up a trust between SharePoint and the server that requires certificate validation is the solution.

Go to “Security” and then “Manage Trust” on the SharePoint Central Administration site. The certificates should be uploaded to SharePoint. The most important step is to add both the root and subordinate certificates to SharePoint.

The following are the steps to obtain certificates from the remote server that hosts the WCF service:

  1. Open Internet Explorer and navigate to the WCF service (for example, https://remotehost/service.svc?wsdl).
  2. Right-click the browser’s body and select “Properties,” “Certificates,” and “Certificate Path.”

This displays the certificate chain that the other server requires in order to interact properly. To export a specific certificate, double-click it in the certificate chain, open the “Details” tab, and click “Copy to File” to save it with the default settings.

For example: Get both VeriSign and VeriSign Class 3 Extended Validation SSL CA.
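The “Manage Trust” upload described above can also be scripted from the SharePoint Management Shell. The following is an added example, not part of the original post: the folder path is a hypothetical location for the exported `.cer` files, and the script assumes it runs on a farm server with farm administrator rights. It imports only CA certificates (root and subordinate), skips expired ones, and does not re-add certificates the farm already trusts.

```powershell
# Added example: run in an elevated SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical folder holding the .cer files exported with "Copy to File".
$certFolder = 'C:\certs\wcf-chain'

# Thumbprints the farm already trusts, so reruns do not create duplicates.
$trusted = @(Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint })

foreach ($file in Get-ChildItem -Path $certFolder -Filter *.cer) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file.FullName)

    # Root and subordinate CA certificates go into the trust store. Older root
    # certificates may lack the Basic Constraints extension, so a self-signed
    # certificate is also accepted. The service's own leaf certificate is skipped.
    $basic = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    $isSelfSigned = $cert.Subject -eq $cert.Issuer
    if (-not ($isSelfSigned -or ($basic -and $basic.CertificateAuthority))) {
        Write-Warning "$($file.Name): not a CA certificate, skipped"
        continue
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$($file.Name): expired on $($cert.NotAfter), skipped"
        continue
    }
    if ($trusted -contains $cert.Thumbprint) {
        Write-Output "$($file.Name): already trusted ($($cert.Thumbprint))"
        continue
    }

    # Use the certificate's simple name (usually the CN) as the trust entry name.
    $name = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    New-SPTrustedRootAuthority -Name $name -Certificate $cert | Out-Null
    Write-Output "$($file.Name): added as '$name' ($($cert.Thumbprint))"
}
```

Compare the thumbprints printed by the script with those shown on the “Certificate Path” tab before relying on the new trust entries.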