Peer certificate cannot be authenticated with given CA certificates (

Published: 08 Sep 2017
Last Modified Date: 09 Sep 2017


When running an extract refresh or loading a view which is using a Google data source, the following errors are occuring in Tableau Server:
"Internet communication error: Peer certificate cannot be authenticated with given CA certificates
"Unable to connect to data source with the supplied credentials, or no credentials provided."


  • Tableau Server  
  • Google BigQuery
  • Google Sheets
  • Google Analytics


Customers may not have the root certificate used by the new chain. The new chain's root cert is:

  "Globalsign Root CA - R2" - available here: with this fingerprint: "75:e0:ab:b6:13:85:12:27:1c:04:f8:5f:dd:de:38:e4:b7:24:2e:fe"

In order to resolve this error, you will need to trust this certificate on machines running vizqlserver, dataserver, and backgrounder.

Ways to get the certificate

Often you may be able to get the certificate by having a browser like IE or Chrome fetch it for you by visiting one of the following sites from the Tableau Server machine itself:, or, This allows the web browser on the Tableau Server machine to fetch the intermediate certificate automatically for you. However, we are providing the above listed certificate link in case you want to download and install it on multiple machines, or in case using a browser to visit the link does not resolve the issue.

In some cases, installing the certificate through a browser does not install the certificate at the operating system (OS) level, so Tableau Desktop still cannot interact as expected with Tableau Server. The certificate must then be manually installed in the trusted root certificates of the server machine. The two certificates needed are: and

Instructions on how to manually install the certificates can be found in this knowledge base article: Error: "Internet communication error: The certificate authority is invalid or incorrect" After Signing in to Tableau Server from Tableau Desktop


This occurs when Google changes their certificates. In some cases, the trust chain is defined differently from their previous certificate.
Did this article resolve the issue?