A little background information first. I have an SSIS package that runs inside a Windows Server 2003 SP2 32 bit environment. The package recently started failing with the following error during a script task which downloads a webpage using an SSL connection:
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Some digging revealed a couple of things: I also could not access the website in question using IE8 from the server (I can with Firefox), and the website had just been issued a new SHA256 certificate.
After doing some research, my current assumption is that the problem is that I don't have support for SHA2 certificates on this server. I grabbed the certificate from the site and ran CertUtil -verify [cert file]
which gives the following result:
The signature of the certificate can not be verified. 0x80096004 (-2146869244)
I found a couple of hotfixes from Microsoft, and from what I understand, either of them should enable support for SHA2 certificates:
So I requested the hotfix for kb968730 and attempted to install it, but got the following error:
The installation cannot continue because the following packages might not be valid:
KB2616676_V2 c:\windows\system32\dllcache\crypt32.dll 5.131.3790.4905
KB2616676_V2 c:\windows\system32\crypt32.dll 5.131.3790.4905
Reinstall the packages listed above, and then reinstall KB968730
The version of the crypt32 library that is included with the hotfix is 5.131.3790.4477 which explains why the installer won't proceed.
At this point I'm not quite sure what I need to do. The kb968730 article indicates that crypt32.dll is the only file that is updated by the hotfix which makes me think, since I have a newer version already, shouldn't I already have this functionality? But, it would seem as though I don't, unless I am mistaken about the root cause of the issue.