Authentication against the secure token server ... failed: Could not establish trust relationship for the SSL/TLS secure channel with authority ...

The Business Data List Connector for SharePoint connects almost any on-premise or cloud-based data source, e.g. ODBC, OLEDB, OData, Microsoft .NET based providers, Files (Excel, XML, CSV), SQL databases like SQL Server, Oracle, MySQL, IBM DB2, IBM AS/400, IBM Informix, Notes, SharePoint, Exchange, Active Directory, Navision, SAP and many more directly to native SharePoint lists - in just minutes without any programming. But often there are issues to connect via web services (e.g. CSOM, OData) using SSL/HTTPS. This FAQ shows how to solve these general SharePoint (not BDLC related) issue.

To connect a local SharePoint list to an external list in SharePoint Online you can use the new “Layer2 Data Provider for SharePoint (CSOM)”. The connection string should look like this:

URL=https://mycompany.SharePoint.com/sites/mysite/; List=myList; Authentication=Office365; [email protected] ;  Pass=myPassword; View=AllItems

As you see SSL is used for secure communication. If you validate your connection string you will see the following error message:

The authentication against the secure token server 'https://login.microsoftonline.com/extSTS.srf' failed: Could not establish trust relationship for the SSL/TLS secure channel with authority 'login.microsoftonline.com'.

Fig.: Accessing web services from inside SharePoint could raise the this error message

This is not a product related error, but a general SharePoint issue. Microsoft SharePoint uses its own certificate store and it does not trust the global standard certificates. Especially it does not trust the certificates Microsoft uses on their Office 365 Login Page and SharePoint Online sites. To make your SharePoint trust these certificates, you have to add them to your trusted certificates in SharePoint Central Administration.

First we have to retrieve the certificates required. To get the needed certificates go to https://login.microsoftonline.com with the Microsoft Internet Explorer. Click to the certificate item next to the addressbar and open the certificate with “View certificates” link.

 Fig.: How to get the certificate to store in SharePoint certificate store later on.

Chose the root certificate (‘VeriSign’) from the “Certification Path” tab and click “View Certificate”.

Fig.: Select and view a root certificate in browser.

In the upcoming certificate window chose “Details” tab. There you can copy the certificate to a file.

Fig.: Export a certificate to a file. 

Save the file to a local folder on your computer. Afterwards login to your SharePoint Online Workspace (https://yourcompany.sharepoint.com/) and repeat the steps for the certificate (‘GTE CyberTrust Global Root’) of this site.

Fig.: Select the GTE CyberTrust Global Root for view and export.

When you successfully saved both root certificates (VeriSign, GTE CyberTrust Global Root) you have to add them to the trusted certificates of your SharePoint server in Central Administration.

Fig.: Select Manage Trusts under General Security to add the missing certificates

In Central Administration you find the “Manage trust” zone in the ‘Security’ settings. Please add both certificates. After these steps the validation of your connection string to SharePoint Online will be successful und you can directly connect your lists for data replication.

Next Steps

​You can download the Business Data List Connector after registration here.

READY TO GO NEXT STEPS?