What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

My HTTP sensors could not create an SSL secure channel and are down. What can I do?

Votes:

0

The HTTP SSL Certificate Expiry sensors in my PRTG installation do not receive any values and show a Down status. The corresponding error message is Could not create SSL/TLS secure channel.

How can I solve this SSL issue?

error error-messages http http-sensor http-ssl-certificate-expiry http-xml https prtg ssl

Created on Jul 28, 2014 3:59:42 PM by Gerald Schoch [Paessler Support]

Last change on Jul 15, 2019 10:26:21 AM by Maike Guba [Paessler Support] (2,404) 2 1



1 Reply

Accepted Answer

Votes:

0

This article applies to PRTG Network Monitor 14 through 17.3.33

SSL secure channel error with HTTP sensors

Note: The content of this article only refers to the deprecated HTTP SSL Certificate Expiry sensor.

If you use the deprecated HTTP SSL Certificate Expiry sensor, you have the option to force an SSLv3 connection in the sensor settings. However, the monitored URL might only accept ciphers for SSL connections that will allow for Perfect Forward Secrecy. This enhances connection security.

The Force usage of SSLv3 option in the SSL Connection settings of this sensor type is not capable of these strong ciphers. If you selected to force SSLv3 for connections and the defined HTTPS URL uses forward secrecy, the sensor will show the error Could not create SSL/TLS secure channel because of this.

Moreover, the PRTG server only accepts SSL connections with forward secrecy as of version 14.4.12, so you will also get this error if you monitor your PRTG certificate using the Force usage of SSLv3 option.

To avoid this SSL error, you have to select the option Use SSLv3 if available. Actually, this option is even more secure than forcing SSLv3 because it will automatically use the most secure connection. This is why connections to URLs with forward secrecy will only work if you select this setting.

Disable Force SSLv3
Click to enlarge.

Note: The error message Could not create SSL/TLS secure channel also appears if you request an SSL-secured URL via HTTP.

Note: error message depends on your Windows language

Error messages of sensors that use the Microsoft .NET Framework such as the HTTP sensors mentioned above come directly from .NET. Because of this, the language of these messages depend on your Windows version. Below you can find the Could not create SSL/TLS secure channel message in other languages:

  • Es konnte kein geschützter SSL/TLS-Kanal erstellt werden.
  • No se puede crear un canal seguro SSL/TLS
  • Impossible de créer un canal sécurisé SSL/TLS
  • Não foi possível criar um canal seguro para SSL/TLS
  • Kan geen beveiligd SSL/TLS-kanaal maken
  • Impossibile creare un canale sicuro SSL/TLS.

Created on Jul 28, 2014 4:11:16 PM by Gerald Schoch [Paessler Support]

Last change on Dec 4, 2020 1:42:59 PM by Brandy Greger [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.