Skip to content

Commit af2beaf

Browse files
NikosMoutzourakisNikosMoutzourakis
authored
Create SSL-TLS-not-establishing-trust-relationship.md
1 parent 58c13f5 commit af2beaf

1 file changed

Lines changed: 26 additions & 0 deletions

File tree

support/power-platform/power-automate/desktop-flows/SSL-TLS-not-establishing-trust-relationship.md

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
---
2+
title: Cannot establish trust relationship for the SSL/TLS secure channel
3+
description: Provides a resolution for the error in Power Automate for desktop, stating that you can't establish a trust relationship for the SSL/TLS secure channel.
4+
ms.reviewer: nimoutzo
5+
ms.date: 05/05/2025
6+
ms.custom: sap:Desktop flows\Power Automate for desktop errors
7+
---
8+
# Cannot establish trust relationship for the SSL/TLS secure channel
9+
10+
This article provides a resolution for the error in Power Automate for desktop, stating that you can't establish a trust relationship for the SSL/TLS secure channel.
11+
12+
_Applies to:_   Power Automate
13+
14+
## Symptoms
15+
- An action in Power Automate for desktop, such as 'Invoke web service' or 'Get password from CyberArk', fails at runtime with the following error:
16+
- "System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
17+
- In some cases, it is observed that a tool to inspect network traffic (e.g., Fiddler) may be installed on the computer.
18+
19+
## Applies to
20+
PAD v2.35 or higher
21+
22+
## Cause
23+
Power Automate for desktop (PAD) checks whether "https" certificates are revoked or invalid. If a certificate in the chain is revoked or invalid, an error message appears. Companies that use package inspection to audit their network infrastructure may not allow users to sign in, as their Certificate Revocation List (CRL) may not have been defined or is unreachable. If Fiddler or a similar tool is installed, it may also install a self-signed certificate whose revocation status is "Unknown". Therefore, the error message is displayed if the relevant registry key is set to "Comprehensive".
24+
25+
## Workaround
26+
To allow users with invalid certificates to use that action, follow the instructions here: https://learn.microsoft.com/power-automate/desktop-flows/governance#configure-power-automate-for-desktop-to-check-for-revoked-certificates

0 commit comments

Comments
 (0)