Authentication against the secure token server ... failed: Could not establish trust relationship for the SSL/TLS secure channel with authority ...

 

The Business Data List Connector for SharePoint connects almost any on-premise or cloud-based data source, e.g. ODBC, OLEDB, OData, Microsoft .NET based providers, Files (Excel, XML, CSV), SQL databases like SQL Server, Oracle, MySQL, IBM DB2, IBM AS/400, IBM Informix, Notes, SharePoint, Exchange, Active Directory, Navision, SAP and many more directly to native SharePoint lists - in just minutes without any programming. But often there are issues to connect via web services (e.g. CSOM, OData) using SSL/HTTPS. This FAQ shows how to solve these general SharePoint (not BDLC related) issue.

 

 

To connect a local SharePoint list to an external list in SharePoint Online you can use the new “Layer2 Data Provider for SharePoint (CSOM)”. The connection string should look like this:

 

URL=https://mycompany.SharePoint.com/sites/mysite/; List=myList; Authentication=Office365; User=myUser@mycompany.onmicrosoft.com ;  Pass=myPassword; View=AllItems

 

 

As you see SSL is used for secure communication. If you validate your connection string you will see the following error message:

 

The authentication against the secure token server 'https://login.microsoftonline.com/extSTS.srf' failed: Could not establish trust relationship for the SSL/TLS secure channel with authority 'login.microsoftonline.com'.

 

Authentication against the secure token server ... failed: Could not establish trust relationship for the SSL/TLS secure channel

Fig.: Accessing web services from inside SharePoint could raise the this error message

 

 

This is not a product related error, but a general SharePoint issue. Microsoft SharePoint uses its own certificate store and it does not trust the global standard certificates. Especially it does not trust the certificates Microsoft uses on their Office 365 Login Page and SharePoint Online sites. To make your SharePoint trust these certificates, you have to add them to your trusted certificates in SharePoint Central Administration.

 

First we have to retrieve the certificates required. To get the needed certificates go to https://login.microsoftonline.com with the Microsoft Internet Explorer. Click to the certificate item next to the addressbar and open the certificate with “View certificates” link.

 

sharepoint office 365 ssl 1

 Fig.: How to get the certificate to store in SharePoint certificate store later on.

 

 

Chose the root certificate (‘VeriSign’) from the “Certification Path” tab and click “View Certificate”.

 

sharepoint office 365 ssl 2

Fig.: Select and view a root certificate in browser.

 

 

In the upcoming certificate window chose “Details” tab. There you can copy the certificate to a file.

 

sharepoint office 365 ssl 3

Fig.: Export a certificate to a file. 

 

 

Save the file to a local folder on your computer. Afterwards login to your SharePoint Online Workspace (https://yourcompany.sharepoint.com/) and repeat the steps for the certificate (‘GTE CyberTrust Global Root’) of this site.

 

sharepoint office 365 ssl 4

Fig.: Select the GTE CyberTrust Global Root for view and export.

 

 

When you successfully saved both root certificates (VeriSign, GTE CyberTrust Global Root) you have to add them to the trusted certificates of your SharePoint server in Central Administration.

 

sharepoint office 365 ssl 5

Fig.: Select Manage Trusts under General Security to add the missing certificates

 

 

In Central Administration you find the “Manage trust” zone in the ‘Security’ settings. Please add both certificates. After these steps the validation of your connection string to SharePoint Online will be successful und you can directly connect your lists for data replication.

Next Steps

 

​You can download the Business Data List Connector after registration here.

READY TO GO NEXT STEPS?

Layer2 leading solutions product regsitration icon: a grey square with a big orange pen symbol.

Register for free download.

Keep your Sharepoint in sync. Download and try today.

Contact Us Icon for Layer2 leading solutions

Questions? Contact us.

We are here to help. Contact us and our consulting will be happy to answer your questions.