Equisys technical notes

Technical guidance, explanations and fixes for our products

HOWTO: Enable TLS1.2 with Zetadocs for NAV



This Zetadocs technical note applies to:

  • Zetadocs for NAV 10.0
  • Systems without SSL2.0 in favour to a more recent protocol, like TLS1.0, TLS1.1, TLS1.2


This technote describes how to enable Zetadocs to use the machine encryption protocol, typically TLS1.2, by adding a windows registry key.

It can also be applied when observing the following error in the ZetadocsArchiveApi logs:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

More information

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Equisys cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved.

To enable Zetadocs to use the machine encryption protocol, a registry key must be added to the server running the NAV service. The steps to follow are:

  • Open the Registry key editor (regedit in the windows search)
  • Ensure the protocol to be used is enabled for both Client and Server
    • Example
      • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
      • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

·         The key to add is [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SystemDefaultTlsVersions].

    • This key is a DWORD of value 1.
  • On x64 versions of windows: add the key [HKEY_LOCAL_MACHINE\SOFTWARE\ Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SystemDefaultTlsVersions]
    • This key is a DWORD of value 1.
  • Restart of the operating system.

Adding this registry key to 1 allows the operating system to choose the protocol version for applications targeting the .NET framework 4.6.1 such as Zetadocs for NAV 10.0 and later.

How to Test

To ensure this technote has been applied correctly and the system is working, please disable (both Client and server) the protocols SSL2.0 enable TLS1.2 (or, if required, another version of TLS or SSL1.0).

Restart the NAV service to test the protocols working.

The steps to follow are:

  • Open RegEdit 
  • Go to this path – HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  • If you see that you have SSL 2.0 or SSL 1.0 Hybrid mode – i.e. enabled for client but not for the server. You will need to have it consistent by enabling for both client and server. Once that is done, check to see if the issue persists.
  • Alternatively, you can disable for both which will validate the Solution 1 explained above that it has been applied correctly.


For further information, please refer to the Transport Layer Security (TLS) best practices with the .NET Framework by Microsoft.

Last updated: 13th March 2020 (CR/JC/NU) 

Keywords: TLS, encryption, Zetadocs, Zetadocs for NAV

Equisys Logo, Document Management and Expense Management for Business Central

Recent news

As spring is finally here, so too is the new financial year for many businesses. This is usually the time of year when new business plans are being carried out in full effect. However, due to ...

A Document Management System or DMS helps an organization store, manage and track its electronic documents and scanned images of paper-based documents. Integrated and automated document management ...