Docusign C# CreateEnvelope error - Could not establish trust relationship for the SSL/TLS secure channel

Question

After the go live process, I created the new keys and I am using them as well. But I got this error

Error calling CreateEnvelope: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I am using a c# application. The exception is thrown in the Create Envelope method:

EnvelopeDefinition Envelope = new EnvelopeDefinition
{
       EmailSubject = EmailSubject,
       Documents = EnvelopeDocuments,
       Recipients = new Recipients { Signers = Signers },
       Status = "sent"
};

return GetEnvelopesApi().CreateEnvelope(_AccountId, Envelope).EnvelopeId;

Where GetEnvelopesApi just call the public EnvelopesApi(Configuration configuration = null); of docusign.esign.api:

 private EnvelopesApi GetEnvelopesApi()
 {
      ApiClient Client = new ApiClient("https://docusign.net/restapi");

      Client.Configuration.AddDefaultHeader("Authorization", "Bearer " + GetAccessToken());

      return new EnvelopesApi(Client.Configuration);
 }

If I use my developer demo keys instead of the production ones, and "https://demo.docusign.net/restapi" instead of the production url, it works.

Answer 1

What you did to get to the error message

{"errorCode":"USER_LACKS_MEMBERSHIP",
 "message": "The UserID does not have a valid membership in this Account."} 

was correct .

Next, you need to solve the problem that causes the USER_LACKS_MEMBERSHIP error. It is probably due to you continuing to use a UserId (guid format) from the developer (demo) account. You need to use a UserId from your production account.

Also note that you must determine what the base url is for your account. That determines if you should use www.docusign.net in production, or na2.docusign.net or something else.

You can determine the base url for your account manually or automatically. But it must be correct... Ask another question if you need help on that subject.

Answer 2

The problem you have is the lack of https , so you need to change the url to https://docusign.net/restapi

UPDATE

I think I found your issue! The url should be https://www.docusign.net/restapi due to the fact the ssl certificate is signed to use www. and gives you a certificate error when you don't have it

UPDATE 2

Add the following line before to make the connection:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

That is in order to force the connection to use TLS 1.2

Also, I would suggest you to debug it inside the function so you know where it breaks within it

UPDATE 3

In case you still receive the SSL/TLS issue, you could try to add the following line before your rest call too:

ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;