Web Player Error message: "Could not create SSL/TLS secure channel"

Article ID: KB0083540

Products | Versions
Spotfire Web Player | 7.0 and lower

Description

Description:
"Could not create SSL/TLS secure channel. Contact the administrator to make sure that the SSL certificate has been installed."

Symptoms:
After configuring TIBCO Spotfire Web Player to access TIBCO Spotfire Server using HTTPS, users may see the error "Could not create SSL/TLS secure channel" while browsing the Web Player URL.
 
The following message is displayed in the browser:
----------------------------------------------------------------------------
Could not find TIBCO Spotfire Server: https://MYTSS.MYDOMAIN.COM.
DownloadAndParse manifest failed.
Failed to download manifest.
The request was aborted: Could not create SSL/TLS secure channel. Contact the administrator to make sure that the SSL certificate has been installed. 
-----------------------------------------------------------------------------

Cause:
This error message appears when the TSS (Spotfire Server) certificate is not trusted on the Web Player server. In general, a self-signed certificate used for the server is not trusted by other machines. Likewise, if the CA itself or any intermediate certificate is not trusted on the Web Player server, a certificate obtained from that CA is not trusted.

Issue/Introduction

Web Player error message: "Could not create SSL/TLS secure channel".

Resolution

To resolve this error, the TSS (Spotfire Server) certificate must be trusted on the Web Player server. The server certificate is untrusted for one of the following reasons:

1). The CA itself is not trusted.
2). An intermediate certificate is not trusted.
3). The server certificate is self-signed.

To make the certificate trusted, use any of the following, depending on the scenario:

1). Obtain the CA certificate and install it on the server so that the CA is trusted.
2). Obtain and install all intermediate certificates on the server.
3). Obtain the server certificate itself and install it on the server so that it is trusted. This option is always used in the case of a self-signed certificate.

Obtaining CA/intermediate/Server certificate:

==============================================

Obtain the CA certificate from the CA and any intermediate certificates from the respective parties. To obtain a server certificate or a self-signed server certificate, use the following instructions.

------- Instructions to obtain the server certificate (helpful in the case of a self-signed certificate) ----------

1). Open the TIBCO Spotfire Server URL using IE.
2). In the case of an untrusted certificate, IE will show a certificate error in the address bar.
3). Click on the certificate error -> Click on view certificate -> Go to Details Tab -> Click on the "Copy to File" button.
4). Copy the certificate to a file by following the "Certificate Export Wizard". (Use all default options).

----------------------------------------------------------------
 
Installing certificates on the server:
======================================

The following instructions can be used to install the server certificate into the Trusted Root store of the Web Player server so that it is trusted.

--------- Instructions to install server certificate------------

1). Log in to the Web Player machine. Click Start -> Run -> Type mmc.exe -> Press Enter.
2). File > Add or Remove Snap-in
3). Select "Certificates" -> Add -> "Computer account" -> Finish -> OK
4). Expand "Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates" > Right Click -> All Tasks -> Import
5). Follow the "Certificate Import Wizard" and import/install the exported server certificate.
6). If there is an intermediate certificate, install it in the "Intermediate Certification Authorities" store.
-----------------------------------------------------------------
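
The trust check and import described above can also be scripted. The following PowerShell is an added example, not part of the original article or TIBCO's tooling. It assumes the hypothetical parameters -CertPath (the exported file) and -ExpectedThumbprint (a thumbprint obtained separately from the Spotfire Server administrator or CA), and it reports which of the three causes applies before touching any store.

```powershell
# Added example, not TIBCO code. Run elevated on the Web Player machine.
param(
    [Parameter(Mandatory = $true)][string]$CertPath,            # exported .cer file
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint,  # assumed: supplied by the TSS admin or CA
    [switch]$Install                                            # without it, only report
)
$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $CertPath

# 1. Confirm the exported file is the certificate the server owner expects.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. Build the chain in machine context, as a service on this host would see it.
$chain = New-Object "$x509.X509Chain" -ArgumentList $true
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust diagnosis only, no revocation lookup
$trusted = $chain.Build($cert)
$status  = @($chain.ChainStatus | ForEach-Object { $_.Status })
if ($trusted) {
    Write-Output 'Chain is already trusted on this machine; nothing to install.'
    return
}
Write-Output "Chain status: $($status -join ', ')"   # e.g. UntrustedRoot, PartialChain

# 3. Classify the certificate to pick the store the article names.
$selfSigned = $cert.Subject -eq $cert.Issuer
$bc   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }   # basicConstraints
$isCA = [bool]($bc -and $bc.CertificateAuthority)
if ($selfSigned) { $storeName = 'Root' }   # Trusted Root Certification Authorities
elseif ($isCA)   { $storeName = 'CA' }     # Intermediate Certification Authorities
else {
    Write-Output 'CA-issued server certificate: install its CA and intermediate certificates instead.'
    return
}
Write-Output "Target store: LocalMachine\$storeName"

# 4. Import only when asked to.
if ($Install) {
    $store = New-Object "$x509.X509Store" -ArgumentList $storeName, 'LocalMachine'
    $store.Open('ReadWrite')
    try { $store.Add($cert) } finally { $store.Close() }
    Write-Output "Installed $($cert.Thumbprint) into LocalMachine\$storeName"
}
```

Run it once without -Install to see the chain status, then rerun with -Install; a second run afterwards should report that the chain is already trusted.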

Additional Information

https://support.microsoft.com/kb/816794?wa=wsignin1.0