Authentication against the secure token server ... failed: Could not establish trust relationship for the SSL/TLS secure channel with authority ...
The Business Data List Connector for SharePoint
connects almost any on-premise or cloud-based data source, e.g. ODBC, OLEDB,
OData, Microsoft .NET based providers, Files (Excel, XML, CSV), SQL databases
like SQL Server, Oracle, MySQL, IBM DB2, IBM AS/400, IBM Informix, Notes,
SharePoint, Exchange, Active Directory, Navision, SAP and many more directly to
native SharePoint lists - in just minutes without any programming. But often
there are issues to connect via web services (e.g. CSOM, OData) using SSL/HTTPS.
This FAQ shows how to solve these general SharePoint (not BDLC related) issue.
To connect a local SharePoint
list to an external list in SharePoint Online you can use the new “Layer2 Data
Provider for SharePoint (CSOM)”. The connection string should look like
Authentication=Office365; User=myUser@mycompany.onmicrosoft.com ;
As you see SSL is used for secure communication. If you validate your
connection string you will see the following error message:
The authentication against the secure token server
'https://login.microsoftonline.com/extSTS.srf' failed: Could not establish trust
relationship for the SSL/TLS secure channel with authority
Fig.: Accessing web services from
inside SharePoint could raise the this error message
This is not a product related
error, but a general SharePoint issue. Microsoft SharePoint uses its own
certificate store and it does not trust the global standard certificates.
Especially it does not trust the certificates Microsoft uses on their Office 365
Login Page and SharePoint Online sites. To make your SharePoint trust these
certificates, you have to add them to your trusted certificates in SharePoint
First we have to retrieve the certificates required. To get the needed
certificates go to https://login.microsoftonline.com with the Microsoft Internet
Explorer. Click to the certificate item next to the addressbar and open the
certificate with “View certificates” link.
Fig.: How to get the certificate to
store in SharePoint certificate store later on.
Chose the root certificate (‘VeriSign’) from the “Certification Path” tab and
click “View Certificate”.
Fig.: Select and view a root
certificate in browser.
In the upcoming certificate window chose “Details” tab. There you can copy the
certificate to a file.
Fig.: Export a certificate to a file.
Save the file to a local folder on your computer. Afterwards login to your
SharePoint Online Workspace (https://yourcompany.sharepoint.com/) and repeat the
steps for the certificate (‘GTE CyberTrust Global Root’) of this site.
Fig.: Select the GTE CyberTrust
Global Root for view and export.
When you successfully saved both root certificates (VeriSign, GTE
CyberTrust Global Root) you have to add them to the trusted certificates of your
SharePoint server in Central Administration.
Fig.: Select Manage Trusts under
General Security to add the missing certificates
In Central Administration you find
the “Manage trust” zone in the ‘Security’ settings. Please add both
certificates. After these steps the validation of your connection string to
SharePoint Online will be successful und you can directly connect your lists for