Recently we were trying to build a Logic App which would talk to a Storage Account via the Gen2 Data Lake API using the HTTP connector. This scenario works fine until you have your storage account on a private endpoint. We can talk to the data lake storage account from Synapse and with various tools but for some reason our ISE environment which was connected to a VNET which is peered with the VNET that our storage account private endpoint is connected to isnt happy and we get the SSL issue shown below.
Its one of those awkward ones to sort out when you dont have an option to skip certificate verification like you could in APIM and then you have all of the complexity of the networking and DNS setup which involves multiple different stakeholders to troubleshoot this. I guess there might be something about the dns which isnt happy but anyway we didnt have time to troubleshoot this too much so instead we converted to using the blob API with the same storage account on the same private endpoint which worked fine with no ssl issues.
Before we used – https://[My-Datalake].dfs.core.windows.net/internal/raw/fromsharepoint/Document2.docx?resource=file
After we used – https://[My-DataLake].blob.core.windows.net/internal/raw/fromsharepoint/Document2.docx
Now its important to note here that we are changing the API we are using to talk to the storage account so there are some differences about how you interact with the file system in the storage account, some of the headers and operations are different but you can achieve many of the same scenarios.
Hopefully if you get blocked with the private endpoint scenario then you can workaround it like we did and if I ever get a chance to take another look at this then ill update our findings or if anyone else has got this working then feel free to add a comment.
