Equisys technical notes

Technical guidance, explanations and fixes for our products

HOWTO: Enable TLS1.2 with Zetadocs for NAV


ZTN4513

This Zetadocs technical note applies to:

  • Zetadocs for NAV 10.0
  • Systems where SSL 2.0 is disabled in favour of a more recent protocol, such as TLS 1.0, TLS 1.1 or TLS 1.2

Summary

This technote describes how to enable Zetadocs to use the encryption protocol configured on the machine, typically TLS 1.2, by adding a Windows registry key.

It can also be applied when observing the following error in the ZetadocsArchiveApi logs:
 

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

More information

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Equisys cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved.

To enable Zetadocs to use the machine encryption protocol, a registry key must be added to the server running the NAV service. The steps to follow are:

  • Open the Registry Editor (type regedit in the Windows search)
  • Ensure the protocol to be used is enabled for both Client and Server
    • Example
      • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
      • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
  • The key to add is [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SystemDefaultTlsVersions]
    • This key is a DWORD with the value 1.
  • On x64 versions of Windows: add the key [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SystemDefaultTlsVersions]
    • This key is a DWORD with the value 1.
  • Restart the operating system.

Setting this registry key to 1 allows the operating system to choose the protocol version for applications targeting the .NET Framework 4.6.1, such as Zetadocs for NAV 10.0 and later.

How to Test

To ensure this technote has been applied correctly and the system is working, disable the SSL 2.0 protocol (for both Client and Server) and enable TLS 1.2 (or, if required, another version of TLS or SSL1.0).

Restart the NAV service to test that the protocols are working.

The steps to follow are:

  • Open RegEdit
  • Go to this path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  • If SSL 2.0 or SSL 1.0 is in hybrid mode, i.e. enabled for the client but not for the server, make it consistent by enabling it for both client and server. Once that is done, check whether the issue persists.
  • Alternatively, you can disable it for both, which will validate that the Solution 1 explained above has been applied correctly.
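
The checks above can also be done as a read-only PowerShell audit on the server running the NAV service. This is an added example, not an Equisys script; it assumes the standard SCHANNEL DWORD value name Enabled under each Client and Server key, which this technote does not name, and the helper Get-RegDword is defined here for illustration.

```powershell
# Read-only audit of the registry settings described in this technote.
# Nothing is written to the registry.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$dotnet = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'  # x64 Windows only
)

# Hypothetical helper: returns the value, or $null when the key or value is absent.
function Get-RegDword([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# 1. .NET Framework: SystemDefaultTlsVersions should be 1 in each registry view.
foreach ($key in $dotnet) {
    if (-not (Test-Path $key)) { continue }
    $v = Get-RegDword $key 'SystemDefaultTlsVersions'
    [pscustomobject]@{
        Check  = 'SystemDefaultTlsVersions'
        Item   = $key
        Value  = if ($null -eq $v) { '(not set)' } else { $v }
        Result = if ($v -eq 1) { 'OK' } else { 'MISSING OR NOT 1' }
    }
}

# 2. SCHANNEL: report each protocol and flag hybrid mode (Client and Server differ).
if (Test-Path $schannel) {
    foreach ($proto in Get-ChildItem $schannel) {
        $state = foreach ($role in 'Client', 'Server') {
            $e = Get-RegDword "$schannel\$($proto.PSChildName)\$role" 'Enabled'
            # No explicit value means the operating system default applies.
            if ($null -eq $e) { 'default' } elseif ($e -eq 0) { 'disabled' } else { 'enabled' }
        }
        [pscustomobject]@{
            Check  = 'SCHANNEL protocol'
            Item   = $proto.PSChildName
            Value  = "Client=$($state[0]) Server=$($state[1])"
            Result = if ($state[0] -eq $state[1]) { 'consistent' } else { 'REVIEW: hybrid' }
        }
    }
}
```

A protocol listed as default has no explicit setting, so a default/enabled or default/disabled pair is flagged for review rather than treated as a confirmed mismatch.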

References

For further information, please refer to the Transport Layer Security (TLS) best practices with the .NET Framework by Microsoft.

Last updated: 13th March 2020 (CR/JC/NU) 

Keywords: TLS, encryption, Zetadocs, Zetadocs for NAV
