A customer looking to query Storage Platform data from the OData feed in Excel sees the following error:
OData: Request failed: The underlying connection was closed:
Could not establish trust relationship for the SSL/TLS secure channel.
We serve two certificates on the Storage Platform. One is signed by a trusted certificate authority; the other is signed by Redstor's own root certificate. Because the Redstor certificate’s root certificate is not trusted by your machine, you have to manually add it to your Trusted Root Certification Authority store for OData queries from Excel to work. Redstor's ESE Agent trusts only the Redstor root certificate, while your browser trusts only certificates signed by certification authorities that are in your trusted store. In addition, the root certificate’s common name must match the Storage Platform's server address (domain name). If one of the certificates is not a trusted authority, or the common name and server address do not match, the above error will be shown when you try to access data from the Storage Platform.
In the case, Excel was used to make an OData query to the Storage Platform. The Platform saw Excel's TLS handshake as that of an ESE Agent and served the root certificate. However, because the root certificate’s common name and the server address did not match, the error was shown.
Add the Redstor root certificate to your trusted store. To do this:
- Download the root certificate here.
- Right-click the file and click Install Certificate (ensure that the file opens). The Certificate Import Wizard will appear.
- If Step 1 shows that "Current User" is selected, click Next.
- Select "Place all certificates in the following store" and browse to "Trusted Root Certificate Authorities" (on the Select Certificate Store window). Note that just adding the certificate to "Trusted Publishers" will not be sufficient.
- Click OK and then Next.
- Ensuring that "Certificate Store Selected by User" is set to "Trusted Root Certificate Authorities", click Finish.
- A dialog will appear confirming that the certificate was installed, click OK.
Now check that the certificate’s common name matches the Storage Platform's server address.