Connecting to SQL Server from ASP.NET Core applications can sometimes result in the error “The certificate chain was issued by an authority that is not trusted.” This occurs because the application does not trust the certificate used by SQL Server by default. Luckily, there are a few ways to resolve this error:
Add TrustServerCertificate=True to the connection string
The easiest solution is to append TrustServerCertificate=True to the SQL Server connection string in your ASP.NET Core application’s configuration. This will tell the connection to trust the certificate presented by SQL Server without further verification.
For example:
"Server=myServer;Database=myDB;User Id=myUser;Password=myPassword;TrustServerCertificate=True;"
While this resolves the issue, security experts caution that blindly trusting any certificate should only be done for development/testing purposes and not in production.
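A startup guard for the caution above, as an added example that is not from the original article: it refuses to run outside the Development environment when a connection string sets TrustServerCertificate=True. The names ConnectionStringGuard, TrustsAnyServerCertificate, Enforce and the connection-string name "Default" are hypothetical; parsing uses only DbConnectionStringBuilder from the .NET base class library.

```csharp
using System;
using System.Data.Common;

public static class ConnectionStringGuard
{
    // True when the connection string switches off server certificate validation.
    public static bool TrustsAnyServerCertificate(string connectionString)
    {
        // Generic key=value parser from the base class library; no SqlClient package needed.
        var builder = new DbConnectionStringBuilder { ConnectionString = connectionString };

        foreach (string rawKey in builder.Keys)
        {
            // Compare without spaces so the "Trust Server Certificate" spelling is caught too.
            string key = rawKey.Replace(" ", "");
            if (!key.Equals("TrustServerCertificate", StringComparison.OrdinalIgnoreCase))
                continue;

            string value = (Convert.ToString(builder[rawKey]) ?? "").Trim();
            return value.Equals("true", StringComparison.OrdinalIgnoreCase)
                || value.Equals("yes", StringComparison.OrdinalIgnoreCase);
        }
        return false; // keyword absent: the default is TrustServerCertificate=False
    }

    // Call at startup, before the first connection is opened.
    public static void Enforce(string name, string connectionString, string environment)
    {
        bool isDevelopment = environment.Equals("Development", StringComparison.OrdinalIgnoreCase);
        if (!isDevelopment && TrustsAnyServerCertificate(connectionString))
            throw new InvalidOperationException(
                $"Connection string '{name}' sets TrustServerCertificate=True in {environment}.");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: the first connection string shown in the article.
        const string sample =
            "Server=myServer;Database=myDB;User Id=myUser;Password=myPassword;TrustServerCertificate=True;";
        // ASP.NET Core treats an unset ASPNETCORE_ENVIRONMENT as Production.
        string env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production";
        // Throws here unless ASPNETCORE_ENVIRONMENT is set to Development.
        ConnectionStringGuard.Enforce("Default", sample, env);
        Console.WriteLine($"Connection string accepted in {env}.");
    }
}
```

In an ASP.NET Core app the same Enforce call would run once per configured connection string during startup, so a development-only setting that leaks into a production configuration stops the deployment instead of silently disabling certificate validation.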
Use Windows Authentication instead of SQL Server Authentication
If you are able to switch to Windows Authentication, the connection will automatically trust the server certificate without the need for TrustServerCertificate=True.
Just change the connection string to use integrated Windows Authentication:
"Server=myServer;Database=myDB;Integrated Security=True;"
This is more secure than blind certificate trust, but still requires configuring your SQL Server properly for Windows Auth.
Install a valid CA-signed certificate on SQL Server
The most robust solution is to install a valid SSL/TLS certificate on your SQL Server signed by a trusted certificate authority (CA). This will allow the .NET application to verify the certificate chain is valid without blindly trusting any cert.
If your SQL Server instance supports TLS 1.2, you can request a free certificate from a public CA like Let’s Encrypt. Otherwise, you must purchase a certificate from a trusted commercial CA.
With a valid CA-signed certificate, your ASP.NET Core application will connect successfully without any certificate errors.
Conclusion – Certificate Chain
In summary, the “not trusted” error occurs because SQL Server uses a self-signed certificate by default. You can either trust this cert blindly, switch to Windows Auth, or install a proper CA-signed certificate to resolve this issue when connecting from ASP.NET Core apps.
Reference: Pinal Dave (https://blog.sqlauthority.com)
1 Comment
Hi Pinal Dave,
I’m having this error when trying to add/change some Power BI features. It always keeps showing “Pending Queries” and, after opening the Query Editor, it shows ErrorCode = -2146232060 (The certificate chain was issued by an authority that is not trusted).
However, I don’t understand where I should change the string presented in the 1st and 2nd solutions… Where should I paste it?
Thank you in advance.