When trying to add a new child Notification Server (NS) to a hierarchy, we are getting a message saying:

• 'https://<NS NAME>/Altiris/Console/' is not a valid NS website. Reason: The underlying connection was closed: Could not establish a trust relationship for the SSL/TLS secure channel..
• 'http://<NS NAME>/Altiris/Console/' is not a valid NS website. Reason: The remote server returned an error: (403) Forbidden..

To solve this issue you need (if both servers have the same TLS versions enabled already):

• The Child NS must have the Parent's certificate
• The Parent NS must have the Child's certificate

In the Parent NS, open MMC

• Click on File > Add/Remove Snap-in... > Add Certificates to the "Selected Snap-ins"
  • 
• Select "Computer account" and click Next
  • 
• Select "Local computer..." then click Finish and Okay
  • 
• In the Microsoft Management Console go to: Root > Trusted Root Certification Authority > Certificates you should find a certificate with the NS name on it
• Select the one that says "Server Authentication", right-click > All Tasks > Export
  • 
• Select "No, do not export the private key"
• Save it to a location and copy it to the Child NS
• Access the Child NS and open the MMC
• Add the Certificate snap-in (as previously instructed)
• Go to Console Root > Trusted Root Certification Authority > Certificates, and right-click in the Certificates folder
• Select "All Tasks > Import", and import the Parent NS certificate that you copied to the Child NS
  •