Solved: Could not establish trust relationship for the SSL...

jtelovaa · ‎10-19-2023

Hi

I am trying to fetch data to Power BI from a system that mainly uses client cert authentication with self-signed certificates. Since Power BI does not support client cert authentication, we are using api keys to the same endpoint. Despite disabling ssl verification from the server, I am still receiving the SSL trust relationship error with Power BI. However postman and other http clients can fetch the data from the same endpoint with api keys just fine, so the issue is with Power BI. There have been previous questions about the same thing here, and most seem to suggests two things:

1. Clear SSL state from internet options

2. Disable certificate revocation from Power BI options

I have done both of these things and still get the same error. The nginx server to which the requests are made simply logs a generic error: "client closed connection while waiting for request". Any ideas what might cause this?

jtelovaa · ‎01-24-2024

In case anyone runs into this and has the exact same problem than I did, here is a solution I have not found elsewhere.

I raised a ticket from power platform admin center. We installed Fiddler Classic to collect trace logs. From Fiddler settings (tools -> options -> HTTPS) enabled "decrypt HTTPS traffic" and trusted the cert (not sure if this is a necessary step). With Fiddler running I tried to connect Power BI again, and got an error from Fiddler that said: "The server <ip> presented a certificate that did not validate, because it was issued to a different host". After clicking yes from the error dialog, power bi connected and the issue was fixed. Apparently Fiddler changed some windows wide setting to trust the cert, which power bi by itself couldn't handle (even though certificate revocation was turned off).

So if you are using self-signed certs and haven't paid attention to the common name of the cert, that might be the issue.

View solution in original post

jtelovaa · ‎01-24-2024

In case anyone runs into this and has the exact same problem than I did, here is a solution I have not found elsewhere.

I raised a ticket from power platform admin center. We installed Fiddler Classic to collect trace logs. From Fiddler settings (tools -> options -> HTTPS) enabled "decrypt HTTPS traffic" and trusted the cert (not sure if this is a necessary step). With Fiddler running I tried to connect Power BI again, and got an error from Fiddler that said: "The server <ip> presented a certificate that did not validate, because it was issued to a different host". After clicking yes from the error dialog, power bi connected and the issue was fixed. Apparently Fiddler changed some windows wide setting to trust the cert, which power bi by itself couldn't handle (even though certificate revocation was turned off).

So if you are using self-signed certs and haven't paid attention to the common name of the cert, that might be the issue.

lbendlin · ‎10-21-2023

yeah, this keeps cropping up.

You can raise an issue at https://community.fabric.microsoft.com/t5/Issues/idb-p/Issues . If you have a Pro license you can consider raising a Pro ticket at https://admin.powerplatform.microsoft.com/newsupportticket/powerbi

Could not establish trust relationship for the SSL/TLS secure channel with self-signed certificates

Helpful resources

Join us at the Microsoft Fabric Community Conference

Power BI Monthly Update - February 2025

Fabric Community Update - February 2025

How to Get Your Question Answered Quickly

Join us at the 2025 Microsoft Fabric Community Conference