How to Resolve Could not establish trust relationship for the SSL or TLS Secure Channel error message

PROBLEM:

You receive the message below when trying to elevate an application via a Least Privilege Manager SbPAM policy.

“There was an error while signing in. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS Secure Channel.”

OR

“The communication with the NPS server requires trusted communication. Enable certificate bypass in NPS Global Settings to override.”

CAUSE:

There are no SSL Certificates set up for use in the SbPAM / NPS server, and Signing is currently enabled on the endpoints.

RESOLUTION:

For CSE versions BEFORE 23.7.3583…

Enable the Endpoint Policy Manager ADMX Template setting below to BYPASS SSL Certificate verification on the endpoints.

Admin Templates > PolicyPak ADMX Settings > Client-Side Extensions > Least Privilege Manager > Bypass SbPAM server SSL certificate verification: ENABLED

For CSE versions AFTER 23.7.3583

The PolicyPak ADMX Template setting to BYPASS SSL Certificate verification on the endpoints has been REMOVED from the PolicyPak ADMX Troubleshooting files.

INSTEAD, you will need to use the latest MMC snap-in; either from your NPS download or via the PolicyPak download.

Then in the Least Privilege Manager node, in the Global Netwrix Privilege Secure Settings, select YES to Enable Certificate bypass like what’s seen here.

Endpoint Policy Manager Cloud also has this setting available in the in-cloud editor. You perform the same operation using these steps seen here.

In all cases the endpoint is instructed to Bypass SSL Certification Verification check. You can see the results on any particular endpoint like this.