Contents
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel on Windows 11/10

The Windows OS has come a long way since Windows NT. The OS has managed to improve and integrate so many unique features into the Windows ecosystem, but there are still a few issues that are yet to be fixed. Some of these issues, like SSL/TLS errors, appear irresoluble, especially on Windows 10 and 11. Tech and Windows buffs may be able to use CMD (Command Prompt) to solve some of these issues, but the average user is more likely to remain stuck.

In this article, we offer tips on how to fix “the underlying connection was closed,” one of the most seemingly irresolvable errors on Windows 10 and 11. First, we explain the error and its causes, and then we present the methods for fixing it.

What is the SSL/TLS Secure Channel Error?

The SSL/TLS secure channel error is closely related to a user’s connection to a web server. Specifically, it is an issue with the website’s SSL certificate. SSL certificate (short for Secure Sockets Layer certificate) is a digital document that shows that a website is secure and encrypted according to the standards of the Internet. This certificate signifies a website’s level of security and confirms that the website is not overly susceptible to the activities of cybercriminals.

Now, an SSL error refers simply to the fact that your web browser is having issues authenticating the SSL certificate on a website. This may be because the SSL certificate on the website has expired or is nonexistent. Whichever the case, your web browser thinks that the website is not secure and should not be used.

Typically, when your web browser displays an SSL error message, the address bar already shows you that the website is insecure. A secure website has a padlock icon. So, when you see this padlock icon, you know that the search engine has already approved the website and you can keep payment and password information on such websites. But when there is no padlock icon, the web address reads “HTTP” instead of “HTTPS,” and your web warns you that the website is insecure, you can still use the website—just not for anything that has to do with your passwords and payment transactions.

In addition to the SSL (and SSL error) there is TLS (Transport Layer Security). The latter is an improvement upon SSL. Thus, it is a security protocol that ensures that information can be streamed between two channels, the web server and the client (you), without any problems. These problems could be an illegal intermediary like a hacker’s algorithm or a tracker that steals data. In any case, the protocol ensures that the communication between a web server and a user is safe.

TLS error, in this context, consequently refers to any error that frustrates the communication between a web server and a user. Whether this is a result of the server’s inadequacies or the user’s browser applications or machine, TLS errors prevent the user from accessing the content on the web server.

The SSL/TLS secure channel error is technically referred to as a handshake error. Simply put, this handshake error, which could take the form of “the underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel”, occurs because your web browser cannot verify the validity of the server. This verification process is like a handshake between your side (your PC and web browser) and the server side. When it fails, you get the “underlying connection was closed…” error.

Causes of the SSL/TLS Errors on Windows 10 and 11

There are many possible causes for the SSL/TLS errors on Windows 10 and 11. Once again, these errors could be from the end of the user or the server. In any case, “the underlying connection was closed” is triggered when:

  1. The SSL certificate is invalid, expired, or revoked: The most common reason for the TLS/SSL error is that there is something wrong with the SSL certificate. This is a server or hostname issue that could take many forms. It could be that the website does not have an SSL certificate. However, with the ease of acquiring these digital signatures, it is more likely that the certificate is invalid because it is incomplete or does not match the URL hostname. If this is not the case, then the certificate on the website has expired or been revoked.
  2. The user’s time or date is incorrect: Interestingly, something as trivial as incorrect time settings can trigger the SSL/TLS error. If your PC runs on manual time, for example, and you happened to remove and install your PC battery, there will be a noticeable lag in time. Therefore, if you do not set your time to automatic sync or use the universal time option, some of your browsers may not be able to verify the SSL/TLS certificate on a website.
  3. There is an incompatible plugin or web browser configuration: Any number of things could be wrong with the browser you are using. Maybe there is a plugin that has a high web-safety requirement and consequently shuts down the connection to a server it considers inadequate. Or it could be that you somehow configured your browser to block your communication with particular websites or servers.
  4. A third-party application/protocol is interrupting the handshake process: There may be an active third-party application that is interrupting the SSL/TLS handshake process. There are two well-known culprits capable of this: antivirus software applications and VPNs. Both of these applications can use firewalls to refuse your connection to a website, resulting in the “Could not establish trust relationship” error.
  5. The user needs to update their OS: It could simply be that your system OS is lacking something. As a result, the majority of its servers are insufficient for establishing a connection.

How to Fix “the underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel” Error on Windows 10

There are several ways you can effortlessly fix the SSL/TLS error on Windows 10 and 11. These are outlined below.

  1. Try a Different Browser: The first thing you should do when you encounter the “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel” error is try a different browser. If you were using Google Chrome before, try using Mozilla Firefox or Microsoft Edge or any of the many other browsers.
  2. Reconfigure Your Browser: Assuming you don’t have another web browser installed on your PC, you could reconfigure your browser to ‘tolerate’ a website, irrespective of its SSL/TLS certificate problems. For example, you can enable Google Chrome to show content on insecure websites by following the subsequent process:
  • Navigate to the options menu by clicking the three dots at the top right-side of your Chrome interface.
  • Select Settings from the options and the Security and Privacy tab on the left pane.
  • Navigate to and click Site Settings and choose the Additional content settings from the options that pop up.
  • Select the Insecure content option and tap the Add button for the Allowed to show insecure content
  • Type in the URL of the website and add it.

You can enable Google Chrome to show content on insecure websites this way

  1. Enable TLS 1.2: You could also enable TLS 1.2 on your PC so that it runs the current protocol for verifying SSL/TLS certificates. To do this,
  • Initiate the Run program with Windows key + R.
  • Type cpl into the text box and enter. This takes you to the Internet Properties pop-up window.
  • Navigate to the Advanced tab options and scroll down to the TLS options.
  • Select and tick the Use TLS 1.2.
  • Click OK and restart your PC.

Follow these steps to enable TLS 1.2 on your PC so that it runs the current protocol for verifying SSL/TLS certificates

  1. Update PC Time/Date: If your PC time is incorrect and the SSL/TLS error keeps popping up, you should set the time to automatic update. This way, whenever your PC is connected to the Internet, it will synchronize your clock. To do this (option on Windows 11/10),
  • Go to the Settings page on your PC and select the Time and Language
  • From the Date & time tab, make sure that the Set time automatically option is turned on.
  • Click the Sync now

If you notice that restarting your PC resets this setting, you will need to use the Services option to set up an automatic synchronization. This way, you would not need to use the Sync now option whenever you restart your PC. To set up automatic time synchronization,

  • Initiate the Run program with Windows key + R.
  • Type msc into the text box and enter.
  • From the options that pop up, scroll down to Windows Time.
  • Right-click on the Windows Time option and select Properties.
  • Navigate to the Startup type button and choose Automatic from the options.
  • Move your cursor to the Service status option and select Start.
  • Next, click the Apply option and OK, and then restart your PC.

Set the time and to automatic update

  1. Opt for an Alternative Web Server: If you don’t have a way to get the web link to the website you are trying to reach and can only do that through a software application, you may need to look for an alternative web server from which to access the web content. On this front, you may be trying to use the cracked version of an application and are trying to go around the SSL/TLS secure channel error that pops up as a result. Visiting the official website and downloading the genuine software version and release is better for your PC health. This will save you from the stress of worrying about the invalid SSL certificate of the other website.
  2. Temporarily Shut Down Antivirus/VPN: You can also solve the “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel” error by temporarily shutting down your Windows antivirus or the VPN you are currently using. As earlier explained, these applications have strong firewall protocols that may be responsible for the SSL/TLS error. Simply put, these protocols can block any perceived threat and therefore prevent you from accessing content from particular websites or servers. So, all you need to do is temporarily shut down these applications and you should be able to access the website. To temporarily disable the Windows Security app (which is the default antivirus for Windows 11/10),
  • Open the Windows Security app and select the Virus and threat protection tab on the left pane.
  • Move your cursor to the Virus and threat protection settings and click on Manage settings.
  • From the options that pop up, you can disable the button for Real-time protection, as well as Cloud-delivered protection.
  • Then you can try accessing the web server once again.

Note that this solution is not very safe. If the website is insecure and has cyber criminals waiting to breach the security of your system, this option effectively opens you up to attacks. Therefore, whenever you use this option (of disabling your antivirus temporarily) to access a website with a faulty SSL certificate, restart your PC immediately after so that the Windows antivirus can scan and remove every suspicious file from your PC. You can also use a trusted and safe malware tool in addition to Windows Security to give your PC added protection.

How to Fix TLS/SSL Errors on Windows 11

In addition to the global solutions presented in the previous section for fixing TLS/SSL errors on Windows, you can also use the control update command for Windows 11. This is a shortcut that you can use with the Run program (Windows key + R) to download and install needed driver and service updates for your Windows 11 OS. Simply open Run, type “control update” in the Run field, and click Enter. The system will start checking for new updates immediately.

Nevertheless, even though Windows 11 is still being strengthened and reinforced to remove gaps, it is easier to fix the “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel” error on it. Therefore, if you are using Windows 11, the first thing to do when you encounter this error is update your Windows. If it doesn’t work, you can use the other solutions presented in this article.