The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure

Mani 45 Reputation points
2025-05-12T09:41:55.79+00:00

Hi, we are reading data from an on-prem Db2 database by using a self-hosted integration runtime and writing the same data to Azure Data Lake Storage by using the Azure Data Lake Storage Gen2 connector. I am using the managed integration runtime for writing data to Data Lake Storage. Our data factory, self-hosted integration runtime virtual machine and storage account are in the same Azure subscription and use the same subnet. I am able to write data to Azure Data Lake Storage by using the Azure Blob connector.

I am facing the below error.

ErrorCode=AdlsGen2OperationFailed,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=ADLS Gen2 operation failed for: An error occurred while sending the request.. Account: 'cetlpdfsdev'. FileSystem: 'input'..,Source=Microsoft.DataTransfer.ClientLibrary,''Type=System.Net.Http.HttpRequestException,Message=An error occurred while sending the request.,Source=mscorlib,''Type=System.Net.WebException,Message=The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.,Source=System,''Type=System.Security.Authentication.AuthenticationException,Message=The remote certificate is invalid according to the validation procedure.,Source=System,'",

Azure Data Factory

2 answers

  1. Michele Ariis 1,640 Reputation points MVP
    2025-05-12T10:11:59.3833333+00:00

    Hi, try this:

    - Import on the Self-Hosted IR VM the root CA that signs *.dfs.core.windows.net (e.g. DigiCert Global Root G2) in “Trusted Root Certification Authorities”.

    - Restart the “Azure Data Factory Integration Runtime” service.

    - If you have a proxy/SSL-inspection, import also its root CA and try again (you can test with `Invoke-WebRequest https://<account>.dfs.core.windows.net/?resource=filesystem`).


  2. Michele Ariis 1,640 Reputation points MVP
    2025-05-12T11:28:16.5566667+00:00

    Here’s how to import your SSL-inspection root certificate for *.dfs.core.windows.net on the Self-Hosted IR VM:

    1. Export the inspection root cert

       From your proxy/firewall, export the root CA certificate in Base-64 .cer format.

    2. Open the local machine cert store

       Run `certlm.msc` as Administrator.

    3. Import into Trusted Root

       Navigate to Trusted Root Certification Authorities → Certificates, right-click All Tasks → Import…, and follow the wizard to select your .cer file.

       Or via PowerShell (Admin):

           Import-Certificate -FilePath "C:\path\inspection-root.cer" -CertStoreLocation Cert:\LocalMachine\Root

    4. Restart the IR service

           Restart-Service -Name "Azure Data Factory Integration Runtime"

    5. Test connectivity. Run:

           Invoke-WebRequest https://<account>.dfs.core.windows.net/?resource=filesystem

       If no TLS errors appear, you’re all set.
    0 comments No comments
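
A read-only check that can be run on the Self-Hosted IR VM before importing anything into Trusted Root, added here as an example and not part of either answer: it lists the certificate chain the VM is actually served for the endpoint and reports whether the top of that chain is already in `Cert:\LocalMachine\Root`. The function names are hypothetical, and it assumes the VM reaches port 443 directly or through a transparent inspection device rather than an explicit proxy.

```powershell
# Added diagnostic example (not from the answers above). Function names are hypothetical.
function Get-ServedTlsChain {
    param([Parameter(Mandatory)] [string] $HostName, [int] $Port = 443)
    $seen = New-Object System.Collections.ArrayList
    # Record every certificate in the chain the handshake built. Returning $true
    # lets the handshake finish for inspection only; nothing is sent afterwards.
    $record = {
        param($origin, $certificate, $chain, $policyErrors)
        foreach ($element in $chain.ChainElements) {
            [void] $seen.Add([pscustomobject]@{
                Subject      = $element.Certificate.Subject
                Issuer       = $element.Certificate.Issuer
                Thumbprint   = $element.Certificate.Thumbprint
                NotAfter     = $element.Certificate.NotAfter
                PolicyErrors = $policyErrors
            })
        }
        $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] $record
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($HostName) } finally { $ssl.Dispose() }
    } finally {
        $tcp.Close()
    }
    $seen
}

function Test-ServedRootTrusted {
    param([Parameter(Mandatory)] [object[]] $Chain)
    $top = $Chain[-1]   # chain runs leaf first, so the last element is the highest CA reached
    [pscustomobject]@{
        TopOfChain         = $top.Subject
        SelfSigned         = ($top.Subject -eq $top.Issuer)   # compared by name only
        InLocalMachineRoot = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
        PolicyErrors       = $top.PolicyErrors
    }
}

# Replace <account> with the storage account name, as in the test command above.
$served = Get-ServedTlsChain -HostName '<account>.dfs.core.windows.net'
$served | Format-Table Subject, Issuer, Thumbprint, NotAfter -AutoSize
Test-ServedRootTrusted -Chain $served
```

If the issuers name your proxy or firewall CA, that is the root to import as in step 3; if they name a public CA and `InLocalMachineRoot` is false, the public root is what is missing from the store.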
