Equisys technical notes

Technical guidance, explanations and fixes for our products

HOWTO: Enable TLS1.2 with Zetadocs for NAV



This Zetadocs technical note applies to:

  • Zetadocs for NAV 10.0
  • Systems without SSL2.0 in favour to a more recent protocol, like TLS1.0, TLS1.1, TLS1.2


This technote describes how to enable Zetadocs to use the machine encryption protocol, typically TLS1.2, by adding a windows registry key.

It can also be applied when observing the following error in the ZetadocsArchiveApi logs:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

More information

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Equisys cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved.

To enable Zetadocs to use the machine encryption protocol, a registry key must be added to the server running the NAV service. The steps to follow are:

  • Open the Registry key editor (regedit in the windows search)
  • Ensure the protocol to be used is enabled for both Client and Server
    • Example
      • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
      • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

·         The key to add is [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SystemDefaultTlsVersions].

    • This key is a DWORD of value 1.
  • On x64 versions of windows: add the key [HKEY_LOCAL_MACHINE\SOFTWARE\ Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SystemDefaultTlsVersions]
    • This key is a DWORD of value 1.
  • Restart of the operating system.

Adding this registry key to 1 allows the operating system to choose the protocol version for applications targeting the .NET framework 4.6.1 such as Zetadocs for NAV 10.0 and later.

How to Test

To ensure this technote has been applied correctly and the system is working, please disable (both Client and server) the protocols SSL2.0 enable TLS1.2 (or, if required, another version of TLS or SSL1.0).

Restart the NAV service to test the protocols working.

The steps to follow are:

  • Open RegEdit 
  • Go to this path – HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  • If you see that you have SSL 2.0 or SSL 1.0 Hybrid mode – i.e. enabled for client but not for the server. You will need to have it consistent by enabling for both client and server. Once that is done, check to see if the issue persists.
  • Alternatively, you can disable for both which will validate the Solution 1 explained above that it has been applied correctly.


For further information, please refer to the Transport Layer Security (TLS) best practices with the .NET Framework by Microsoft.

Last updated: 13th March 2020 (CR/JC/NU) 

Keywords: TLS, encryption, Zetadocs, Zetadocs for NAV

Equisys Logo, Document Management and Expense Management for Business Central

Recent news

If you run a business, no matter the size, then it’s highly likely that you will have to deal with business expenses. And, if you employ staff – no matter how many or few – then the chances are ...

Much of what we’ve written in the past on topics such as Zetadocs and the transformational power of automation has referenced the standard working model of most offices. One aspect of that ...