ssl sitecore ssl-certificate sitecore6 sitecore-ecm

Sitecore ECM: Could not establish trust relationship for the SSL/TLS secure channel

I am getting the following error whenever I try to do a Test Connection in Email Campaign Manager.

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The following is the error which is recorded in the log

ManagedPoolThread #11 11:41:08 INFO Job started: VerifyMTA
ManagedPoolThread #11 11:41:08 WARN EmailCampaign: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Exception: System.Net.WebException
Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Source: System.Web.Services
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Sitecore.Modules.EmailCampaign.AppsService.AppsService.GetServerApplicationsByApplicationId(Credentials credentials, Guid applicationId)
at Sitecore.Modules.EmailCampaign.Core.Services.AppsServiceClient.IsApplicationPurchased(Guid applicationId)
at Sitecore.Modules.EmailCampaign.Core.MessageTransfer.EmailDeliveryClient.IsPurchased()
at Sitecore.Modules.EmailCampaign.Core.MessageTransfer.EmailDeliveryClient.GetSmtpConfiguration()
at Sitecore.Modules.EmailCampaign.SendingManager.GetSmtpSettings()
at Sitecore.Modules.EmailCampaign.Core.MessageTransfer.MtaChecker.GetSmtpSettings(StringBuilder report, String& error)
at Sitecore.Modules.EmailCampaign.Core.MessageTransfer.RemoteMtaChecker.GetSmtpSettings(StringBuilder report, String& error)

Nested Exception

Exception: System.Security.Authentication.AuthenticationException
Message: The remote certificate is invalid according to the validation procedure.
Source: System
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)


ManagedPoolThread #11 11:41:08 INFO Job ended: VerifyMTA (units processed: )

I am also getting an error in the Connection test option in the Email Delivery tab of Sitecore App Center.

The port numbers 25 and 443 are open in the server to contact the Sitecore app center and the mail server(Default Sitecore Mail Server). I can do

telnet apps.sitecore.net 443

and it works fine.

I have tried logging out and logging back in; in the Sitecore appcenter as suggested in the some other thread in stackoverflow. But still I am getting this error.

Can anyone suggest a fix to this. Thanks in advance.

Solution

We contacted Sitecore and we got the following response to troubleshoot the issue

Relogin (Log off and log back on) to the App Center Sitecore Application ( that makes the system to update authentication information )
Make sure the 'Email Delivery' app in Sitecore App Center has green 'Running' status icon next to it (indicating that the service has been purchased for the current account)
Verify connection between ECM (E-mail Campaign Manager) and MTA (Message Transfer Agent) as per recommendations from chapter 3.1.5 from the 'ECM 1.3.3 Administrator's and Developer's Guide' document on SDN available at http://sdn.sitecore.net/Products/ECM/ECM%201,-d-,3/Documentation.aspx
In case additional troubleshooting is required set the 'Debug' setting from the 'Sitecore.EmailCampaign.config' file (in the '/App_Config/Include' folder) to 'true'. The setting specified whether verbose logging in Sitecore log files for the ECM is enabled.
This can be related to an invalid or expired SSL certificate or because there is a mismatch between the certificate and the site's url (or base URL setting). Please check if these articles can help you:

Could not establish trust relationship for SSL/TLS secure channel -- SOAP

http://www.outsystems.com/NetworkForums/ViewTopic.aspx?Topic=Web-Services:-Could-not-establish-trust-relationship-for-the-SSL/TLS

Please check that the value of GlobalSettings.RendererUrl setting is equal to your current site hostname. You can use the following code in your layout for this:


    protected override void OnLoad(EventArgs e)
    {

           Response.Write("GlobalSettings.RendererUrl: "+Sitecore.Modules.EmailCampaign.GlobalSettings.RendererUrl);
           base.OnLoad(e);
    }

In addition, please check that Anonymous Access is allowed for your WebSite or ECM requests are not blocked by firewall.

Temporary Fix
As a temporary fix, you can add a call back delegate that always returns true whenever Sitecore tries to verify the remote server certificate. You can do this by adding a function in Global.asax file provided by Sitecore in website folder as explained here . If this solves the issue then it confirms that it is Server certificate issue. This might cause some security issue so dont use it as a permanent solution.