ARL import failed: Could not establish trust relationship for the SSL/TLS secure channel

ARL import failed: Could not establish trust relationship for the SSL/TLS secure channel

Summary

ARL import failed: Could not establish trust relationship for the SSL/TLS secure channel

Symptoms

ARL import failed.

mgsImportRecognition.exe fails with the following error.

 

C:\Program Files (x86)\Flexera Software\FlexNet Manager Platform\DotNet\bin>mgsImportRecognition.exe
Downloading and importing software recognition data from 'http://www.managesoft.com/support/Compliance/RecognitionAfter82.cab'...

Unexpected error occurred:

ManageSoft.Compliance.Logic.Core.API.ImportRecognitionDownloadException: Failed to download the file 'http://www.managesoft.com/support/Compliance/RecognitionAfter82.cab' to 'C:\Users\flex-admin\AppData\Local\Temp\RecognitionAfter82.cab'.
---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Autentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.WebClient.DownloadFile(Uri address, String fileName)
at ManageSoft.Compliance.Logic.Core.Impl.RecognitionImporter.Download(String p_ImportUrl, String p_DownloadPath)
--- End of inner exception stack trace ---
at ManageSoft.Compliance.Logic.Core.Impl.RecognitionImporter.Download(String p ImportUrl String p_DownloadPath)
at ManageSoft.Compliance.Logic.Core.Impl.RecognitionImporter.Import(EARLImportMode p_ARLImportMode, String p_DownloadLocationOverride, String p_LocalFilePathOverrideARL, String p_GroupDatabaseName)
at ManageSoft.Compliance.Console.RecognitionImportTool.ImportRecognition()

Failed to download the file 'http://www.managesoft.com/support/Compliance/RecognitionAfter82.cab' to 'C:\Users\flex-admin\AppData\Local\Temp\RecognitionAfter82.cab'.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
ARL import has failed. Please check the ARL log file for the detailed error message.

ARL/SKU import has failed. Please check the ARL/SKU log files for the detailed error message.

 

Cause

A certificate chain could not be built to a trusted root authority.

The root or/and the intermediate certificates are not stored in the Cert Store of the computer.  ARL download requires Thawte Primary Root CA - G3 and Thawte SHA256 SSL CA.

User-added image

Resolution

These certificates are available in the following Thawte's web pages. Please download the missing certificate(s), and import it/them to the Cert Store.

Thawte Primary Root CA - G3: https://www.thawte.com/roots/

Thawte SHA256 SSL CAhttps://knowledge.digicert.com/solution/SO26817.html

Labels (1)
Was this article helpful? Yes No
No ratings
Comments

@dgottlieb this link no longer works:  https://knowledge.digicert.com/solution/SO26817.html

Can you provide an updated link to get the Thawte SHA256 SSL cert?

Thanks!

Version history
Revision #:
3 of 4
Last update:
‎Jun 18, 2020 03:59 AM
Updated by:
 
Contributors