The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The download error “Could not establish trust relationship for the SSL/TLS secure channel” is generally related to your machine not trusting the website’s root Certificate Authority. We are generally pretty limited in the amount of support we can provide for issues related to web filters, firewalls, proxies, certificate trust, or other network-related errors. However, our resolution below will generally help diagnose and resolve this specific error.

Topics covered in this article:

• Determine if you are Affected
• Possible Cause 1: Validate the website’s TLS/SSL certificate is trusted
• Possible Cause 2: The request was aborted: Could not create SSL/TLS secure channel

Determine if you are affected

If affected, you will see an error similar to below in one of the following log files PatchMyPC.log or SMS_ISVUPDATES_SYNCAGENT.log, dependent on the publishing method you are using.

WebClient report an error during download: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
An error occurred while downloading the file: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. [System.AggregateException]

This error is usually because the Root Certificate authority issuing the SSL certificate is not trusted on your device.

Possible cause 1: Validate the website’s TLS/SSL certificate is trusted

A common reason you may receive the error Could not establish trust relationship for the SSL/TLS secure channel is because the SSL certificate isn’t trusted.

On the machine receiving the error, browse to the URL from the log file for the download failing with this error using Internet Explorer running as NT AUTHORITY\SYSTEM.

Important: The Patch My PC Publisher uses the same .NET Framework classes as Internet Explorer to download content from the Internet. The default identity of the service is also NT AUTHORITY\SYSTEM.

It may be possible you have different Internet access control policies applied between users and computers in your environment. Performing this test in a different browser or as another identity may produce different results.

A common reason you may receive the error Could not establish trust relationship for the SSL/TLS secure channel is because the SSL certificate isn’t trusted.

If the SSL certificate is not trusted, you will need to install the SSL certificate’s root certificate.

For more details about this process for many common published certificate authorities, please review this article SSL Certificate Not Trusted Error.

Possible cause 2: The request was aborted: Could not create SSL/TLS secure channel.

The issue could also be related to the following:

• Firewall or proxy
• TLS/SSL cipher availability (limited by hardening policies or Operating System availability)

To troubleshoot the above items, please see the following article: The request was aborted: Could not create SSL/TLS secure channel.