How to Troubleshoot 'Could Not Establish Trust Relationship' SSL/TLS Errors?

Resolving SSL/TLS secure channel "Unable to establish trust relationship" error

It can be confusing when encountering the "Unable to establish trust relationship for SSL/TLS secure channel" error when making a web service call using an SSL secure URL. Let's explore potential causes and solutions.

This error message usually indicates a problem with the SSL certificate on the server. It might be self-signed, or the hostname doesn't match the server. To resolve this issue:

If you trust the server and don't want to verify its certificate (not recommended):

<code>// 信任所有证书
System.Net.ServicePointManager.ServerCertificateValidationCallback =
    ((sender, certificate, chain, sslPolicyErrors) => true);</code>

If you trust the server but want to verify its hostname:

<code>// 信任发送者
System.Net.ServicePointManager.ServerCertificateValidationCallback
                = ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));</code>

If you prefer to use a custom callback function to verify the certificate:

<code>ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);

private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)
{
    bool result = cert.Subject.Contains("YourServerName");
    return result;
}</code>

These solutions disable the default certificate verification process. As with external servers, use them with caution as you may be connecting to an untrusted source. However, if the server is internal and obtaining a valid certificate is impractical, these workarounds can facilitate communication.

The above is the detailed content of How to Troubleshoot 'Could Not Establish Trust Relationship' SSL/TLS Errors?. For more information, please follow other related articles on the PHP Chinese website!