December 31, 2023

Microsoft.Data.SqlClient.SqlException: The certificate chain was issued by an authority that is not trusted

I faced this error while using the Entity Framework Core with .Net 6.0,

Microsoft.Data.SqlClient.SqlException: 'A connection was successfully established 
with the server, but then an error occurred during the login process. 
(provider: SSL Provider, error: 0 - The certificate chain was issued by an authority
that is not trusted.)'

Breaking change in Microsoft.Data.SqlClient 4.0.0.

I found there is breaking change in Microsoft.Data.SqlClient - 4.0.0 .

Changed Encrypt connection string property to be true by default:
The default value of the Encrypt connection setting has been changed from false to true. 
With the growing use of cloud databases and the need to ensure those connections are secure, 
it's time for this backwards-compatibility-breaking change.

Ensure connections fail when encryption is required:
In scenarios where client encryption libraries were disabled or unavailable, 
it was possible for unencrypted connections to be made when Encrypt was set to true
or the server required encryption.

Solution

The quick-fix is to add Encrypt=False to your connection-strings.

Alongwith Encrypt=False, setting Trusted_Connection=True would also help.

Another workaround if you are using local computer is to set

TrustServerCertificate=True

Please note that, setting TrustServerCertificate=True is not a real fix. The more authentic part of the solution is installing a CA signed certificate.

References:

1 comment:

  1. This article on the SqlException related to untrusted certificate chains is very helpful! Just like Better Joy enhances your gaming, resolving these issues can improve your app's security.

    ReplyDelete