On the specify endpoint access page, specify whether you want OData feeds exposed by data sources be accessed via HTTP or HTTPS. When a user uses the URL from the Admin Center to connect to the feed, the URL gets resolved to an on-premises HTTP or HTTPS-based URL based on the setting you specify here. When you select Connect using HTTPS, with port, you can specify the port and the SSL certificate. The gateway needs a certificate to provide SSL over HTTP connection. We recommend that you use a certificate from a certificate authority (CA). You can use a self-signed certificate for testing purposes by following these steps:
- If you have installed Visual Studio, open Developer Command Prompt for VS command with elevated privilege. Otherwise, download the MakeCert tool from here, and open a command prompt with elevated privilege.
- Run the following makecert command by replacing “yourserver” with your full computer name (for example: leo.fabrikam.com):
makecert -r -pe -n "CN=yourserver" -b 01/01/2000 -e 01/01/2050 -eku 220.127.116.11.18.104.22.168.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
The newly created certificate (with expiration date: 1/1/2050) is in the Personal folder. You need to copy the cert into Trusted Root Certificates Authorities\Certificates folder (or drag and drop with CTRL key pressed).
When you try to access the OData feed from a machine (let’s say Machine B) that is different from the machine on which the gateway is running (Machine A), you may see an error message. For example, you may see the following error when you try to access the OData feed by using the Power Query Add-in for Excel from Machine B: DataSourceError: OData: Request failed (TrustFailure): The underlying connection was close: Count not establish trust relationship for the SSL/TLS secure channel.
A cause for this error could be that a self-signed certificate is being used to secure the OData feed and the certificate is missing from the Machine B. You can resolve the error by exporting the self-signed certificate from the Machine A and importing it on Machine B into Trusted Root Certificates Authorities\Certificates folder.
To export the certificate, you can run MMC in command line and then add Certificates snap-in with Computer account and then Local computer to browse the certificates store. and then export the cert (right click the cert, click All Tasks, click Export, select Yes export the private key, select Personal Information Exchange – PKCS, and specify a password) out as a *.pfx file.