Medium severitygateway
Power BI Refresh Error:
Could not establish trust relationship for the SSL/TLS secure channel
What does this error mean?
The gateway rejected the SSL/TLS certificate presented by the data source because it is self-signed, expired, or issued by an untrusted certificate authority.
Common causes
- 1The data source uses a self-signed certificate that is not in the gateway machine's trusted certificate store
- 2The SSL certificate on the data source has expired
- 3The certificate was issued by an internal CA that is not trusted by the gateway machine
- 4The hostname in the certificate does not match the hostname used in the connection string (CN mismatch)
- 5A certificate was recently replaced without being added to the trusted store on the gateway host
How to fix it
- 1Install the data source's SSL certificate (or its issuing CA certificate) into the 'Trusted Root Certification Authorities' store on the gateway machine.
- 2If the certificate is expired, renew it on the data source server.
- 3Verify the certificate's CN or SAN matches the hostname used in your Power BI connection string.
- 4As a temporary workaround, you can disable certificate validation in the connection string — but this should not be used in production.
- 5Use MMC (certmgr.msc) on the gateway machine to inspect which certificates are trusted and add the missing CA.