New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


My HTTP sensors could not create an SSL secure channel and are down. What can I do?

Votes:

0

Your Vote:

Up

Down

The HTTP SSL Certificate Expiry sensors and the HTTP XML/REST Value sensors in my PRTG installation do not receive any values and are in a down status. The error message of these sensors is Could not create SSL/TLS secure channel.

How can I solve this SSL issue?

error error-messages http http-sensor http-ssl-certificate-expiry http-xml https prtg ssl

Created on Jul 28, 2014 3:59:42 PM by  Gerald Schoch [Paessler Support]



1 Reply

Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 14 or later

SSL Secure Channel Error with HTTP Sensors

If you use HTTP XML/REST Value sensors, you have the option to force an SSLv3 connection in the sensor settings. However, the monitored URL might only accept ciphers for SSL connections which will allow for Perfect Forward Secrecy. This enhances the security of the connections.

The Force usage of SSLv3 option in the SSL Connection settings of this sensor type is not capable of these strong ciphers. If you have chosen to force SSL v3 for connections and the defined HTTPS URL uses forward secrecy, the HTTP sensors will show the error Could not create SSL/TLS secure channel because of this.

For example, also the PRTG server only accepts SSL connections with forward secrecy as of version 14.4.12, so you will get this error if you monitor your PRTG certificate using the force SSL v3 option (see Stable Release Notes for details).

To avoid this SSL error, you have to select the option Use SSLv3 if available. Actually, this option is even more secure than to force SSL v3 because it will use the most secure connection automatically. This is why connections to URLs with forward secrecy will only work when you define to use this setting.

Disable Force SSLv3
Set the option "Use SSLv3 if available" in the sensor settings

Note: The error message Could not create SSL/TLS secure channel also appears if you request an SSL secured URL via HTTP.

Note: This article also applies to the deprecated HTTP SSL Certificate Expiry sensor.


Note: Error Message Depends on Your Windows Language

Error messages of sensors which use the Microsoft .NET Framework such as both HTTP sensors mentioned above come directly from .NET. Because of this, the language of these messages depend on your Windows version. Below you can find the Could not create SSL/TLS secure channel message in other languages:

  • Es konnte kein geschützter SSL/TLS-Kanal erstellt werden.
  • No se puede crear un canal seguro SSL/TLS
  • Impossible de créer un canal sécurisé SSL/TLS
  • Não foi possível criar um canal seguro para SSL/TLS
  • Kan geen beveiligd SSL/TLS-kanaal maken
  • Impossibile creare un canale sicuro SSL/TLS.

Created on Jul 28, 2014 4:11:16 PM by  Gerald Schoch [Paessler Support]

Last change on Aug 8, 2017 3:45:44 PM by  Gerald Schoch [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.