I am facing this error because I have developed the Web API on my local machine, and I am wondering whether there is a way to temporarily bypass this restriction.

The error code:
Error code: WebException

Error message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Stack trace:
  at Terrasoft.Services.Runtime.ServiceClient.d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at Terrasoft.Services.Runtime.ServiceClient.Execute(IServiceClientRequest request, CancellationToken cancellationToken)
  at Terrasoft.Services.Runtime.ServiceClient.Execute(IServiceClientRequest request)
  at Terrasoft.Configuration.ServiceSchema.CallServiceSchemaService.Execute(String serviceName, String methodName, List`1 parameters)


1 comments

Hello,

About the error in the logs:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

This is related to our security policy. Below, I am sending you the settings. Please verify from the integration side if they meet our requirements.

Please use the instructions below:
1. Disable support for obsolete and vulnerable versions of SSL/TLS

  • Disable SSLv2
  • Disable SSLv3
  • Disable TLSv1.0
  • Disable TLSv1.1

Instructions for MS Windows Server configuration

2. Disable support for weak encryption algorithms and protocols:


3. Enable the use of only strong encryption algorithms:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256


4. Define the sequence of encryption algorithms to be used in accordance with point 3.
Instructions for MS Windows Server configuration

5. Enable the TLS Fallback SCSV option

6. Enable the Forward Secrecy option

7. Enable the OCSP Stapling option

Instructions for MS Windows configuration

8. Enable the HSTS option
Instructions for MS IIS configuration

9. Install the MS SQL Server 2012 Native Client on the Creatio application server (in case of using MS SQL DBMS).

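Steps 1 to 4 of the list above are Schannel settings on the Windows server. The script below is an added example, not part of the support comment and not Creatio's own tooling: it disables the obsolete protocols through the well-known Schannel registry keys and restricts the cipher-suite list to the four suites named, in that order, using the Tls module cmdlets (assumed available, i.e. Windows Server 2016 or later). It must run elevated, and protocol changes need a reboot.

```powershell
# Added example: applies steps 1-4 of the posted hardening list to Schannel.
# Assumes Windows Server 2016+ (Tls module) and an elevated session; reboot afterwards.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Step 1: disable SSL 2.0/3.0 and TLS 1.0/1.1 for both the server and client roles.
foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1') {
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $schannel "$proto\$role"
        New-Item -Path $key -Force | Out-Null
        New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

# Keep TLS 1.2 explicitly enabled so the machine is left with a usable protocol.
foreach ($role in 'Server', 'Client') {
    $key = Join-Path $schannel "TLS 1.2\$role"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name 'Enabled' -Value 1 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 -PropertyType DWord -Force | Out-Null
}

# Steps 2-4: the only suites to leave enabled, in the priority order from point 3.
$allowed = @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
)

# Step 2: disable every currently enabled suite that is not on the list.
Get-TlsCipherSuite |
    Where-Object { $allowed -notcontains $_.Name } |
    ForEach-Object { Disable-TlsCipherSuite -Name $_.Name }

# Step 4: re-insert the allowed suites at positions 0..3 so the order is deterministic.
for ($i = 0; $i -lt $allowed.Count; $i++) {
    Disable-TlsCipherSuite -Name $allowed[$i] -ErrorAction SilentlyContinue
    Enable-TlsCipherSuite -Name $allowed[$i] -Position $i
}

# Verify what remains enabled, in priority order.
Get-TlsCipherSuite | Select-Object -ExpandProperty Name
```

Restricting the server to these four suites will break any client that cannot negotiate TLS 1.2 with ECDHE/DHE and AES-GCM, so test the integration clients (including the Creatio application server itself as a client) before applying this in production.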

Does BPM'Online support SSL-MA authentication? I have a financial services application that I need to connect to BPM'Online. I am going to develop a few custom configuration service endpoints on BPM'Online that are going to be consumed by the financial services app. However, there is a requirement from the customer for adding an extra layer of security to any kind of interaction between the systems through client/server signed certificates (these could be X.509 certificates) and performing mutual authentication. So, can mutual authentication be performed on BPM'Online?


2 comments

Would really appreciate some help here...

amanthena,

I'm not sure what the difference is between "mutual authentication" and just a simple authentication to an SSL application. According to the article at the link below, it seems like there is no difference.

https://blog.cloudboost.io/implementing-mutual-ssl-authentication-fc20ab2392b3

Please find how to call a bpm'online authentication service in the article at the link below. Please read the whole article from the very beginning to the very end before creating the integration. A lot of the tricks that you have to use are described there.

https://academy.bpmonline.com/documents/technic-sdk/7-13/executing-odata-queries-using-fiddler 


Hi,

When I am trying to send a request from BPM (http://localhost:82) to an external web app (https://localhost:58733) via the 'Call Web Service' system action, I am getting an error:

"system.net.webexception could not establish secure channel for ssl/tls ---> system.security.authentication.authenticationexception the remote certificate is invalid"

What am I doing wrong? Shouldn't the 'Call Web Service' system action work with SSL/TLS without any problem?

Best regards,

Tom



2 comments

I've used Call Web Service with SSL without issue. That error is a general .NET error that usually relates to issues with the certificate and likely means one of the following is true:

  • The certificate doesn't match the URL.
  • The certificate is self-signed and not added as a trusted certificate.
  • The certificate is expired.
  • The certificate is signed by a root certificate that's not installed on your machine.

If the cert is OK, and since this is a local install, you can try going to the external URL in IE (on the server where Bpm'online is installed), click the lock icon, then "View Certificates", then click the button to "Install Certificate" (be sure you select to install on "Local Machine" and not "Current User").

Tom,

Please use this article to troubleshoot the issue https://blogs.msdn.microsoft.com/friis/2017/10/10/troubleshooting-tls-s… and also Ryan is right. The reason is probably in the certificate, so that's why you need to check it first.

Best regards,

Oscar

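Both the first post (asking to "temporarily bypass" the trust error) and Tom's thread end up at the same .NET exception, and Ryan's four causes are exactly what the validation callback sees. Rather than disabling validation, the added example below (not from the thread or from Creatio) connects to the endpoint from PowerShell on the application server, records the SslPolicyErrors and chain status that .NET computed, and maps them onto those four causes; the host and port come from Tom's post and should be replaced with your own.

```powershell
# Added example: report WHY .NET rejects a server certificate instead of bypassing validation.
# Assumes Windows PowerShell / .NET on the machine that makes the outbound call.
function Test-ServerCertificate {
    param([Parameter(Mandatory)] [string] $HostName, [int] $Port = 443)
    # Hashtable is a reference type, so the callback closure below can fill it in.
    $result = [ordered]@{ Host = $HostName; Port = $Port; PolicyErrors = $null
                          Subject = $null; NotAfter = $null; SelfSigned = $null; ChainStatus = @() }
    # Diagnostic-only callback: it records the verdict and returns $true so the handshake
    # completes and the certificate can be inspected. Never ship this as a validation policy.
    $callback = {
        param($sender, $cert, $chain, $errors)
        $result.PolicyErrors = $errors
        if ($chain) { $result.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() }) }
        return $true
    }.GetNewClosure()
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Subject    = $cert.Subject
        $result.NotAfter   = $cert.NotAfter
        $result.SelfSigned = ($cert.Subject -eq $cert.Issuer)
        $ssl.Dispose()
    } finally { $client.Dispose() }
    [pscustomobject]$result
}

# Host and port taken from Tom's post; replace with the endpoint you are calling.
$r = Test-ServerCertificate -HostName 'localhost' -Port 58733
$r | Format-List

# Map the .NET verdict onto the four causes listed in the thread.
$nameMismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
if ($r.PolicyErrors.HasFlag($nameMismatch)) { 'Certificate does not match the URL host name.' }
if ($r.ChainStatus -contains 'NotTimeValid' -or $r.NotAfter -lt (Get-Date)) {
    'Certificate is expired (or not yet valid).'
}
if ($r.ChainStatus -contains 'UntrustedRoot') {
    if ($r.SelfSigned) { 'Self-signed certificate that is not in the Local Machine trusted store.' }
    else { 'Issuing root CA is not installed on this machine.' }
}
if ($r.ChainStatus -contains 'PartialChain') { 'Server does not send the intermediate certificate.' }
if ($r.PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None) { 'Certificate validates cleanly.' }
```

The fix then follows from the finding: install the self-signed or root certificate into the Local Machine store as Ryan describes, renew an expired certificate, or reissue it for the right host name, all of which keep validation enabled in the integration.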