SQL SERVER – Fix – Error – The certificate chain was issued by an authority that is not trusted

Connecting to SQL Server from ASP.NET Core applications can sometimes result in the error “The certificate chain was issued by an authority that is not trusted.” This occurs because the application does not trust the certificate used by SQL Server by default. Luckily, there are a few ways to resolve this error:

Add TrustServerCertificate=True to the connection string

The easiest solution is to append TrustServerCertificate=True to the SQL Server connection string in your ASP.NET Core application’s configuration. This will tell the connection to trust the certificate presented by SQL Server without further verification.

For example:

"Server=myServer;Database=myDB;User Id=myUser;Password=myPassword;TrustServerCertificate=True;"

While this resolves the issue, security experts caution that blindly trusting any certificate should only be done for development/testing purposes and not in production.
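
One way to keep TrustServerCertificate=True out of production, as an added example that is not code from the original post: a startup check that parses each configured connection string and refuses to start outside Development when the setting is enabled. The names ConnectionStringGuard, TrustsAnyServerCertificate and Enforce and the sample entries are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;

// Hypothetical helper for illustration; not part of any library.
public static class ConnectionStringGuard
{
    // True when the string asks the client to skip certificate chain validation.
    public static bool TrustsAnyServerCertificate(string connectionString)
    {
        // DbConnectionStringBuilder copes with quoted values and ';' inside them,
        // which a plain Split(';') would get wrong.
        var parsed = new DbConnectionStringBuilder { ConnectionString = connectionString };
        foreach (string key in parsed.Keys)
        {
            // Keywords are case-insensitive; strip spaces so spaced spellings match too.
            string name = key.Replace(" ", "").ToLowerInvariant();
            if (name != "trustservercertificate") continue;
            string value = Convert.ToString(parsed[key]).Trim().ToLowerInvariant();
            return value == "true" || value == "yes";
        }
        return false;
    }

    // Call once at startup. Only the entry name is reported, never the
    // connection string itself, because it may contain a password.
    public static void Enforce(string environmentName, IDictionary<string, string> connectionStrings)
    {
        bool isDev = string.Equals(environmentName, "Development", StringComparison.OrdinalIgnoreCase);
        foreach (var entry in connectionStrings)
        {
            if (!TrustsAnyServerCertificate(entry.Value)) continue;
            if (!isDev)
                throw new InvalidOperationException(
                    $"Connection string '{entry.Key}' sets TrustServerCertificate=True in {environmentName}.");
            Console.WriteLine($"warning: '{entry.Key}' sets TrustServerCertificate=True (Development only)");
        }
    }

    public static void Main()
    {
        // Constructed sample entries that reuse the placeholder values from this post.
        var strings = new Dictionary<string, string>
        {
            ["Default"] = "Server=myServer;Database=myDB;User Id=myUser;Password=myPassword;TrustServerCertificate=True;",
            ["Reporting"] = "Server=myServer;Database=myDB;Integrated Security=True;"
        };
        Enforce("Development", strings);
        try { Enforce("Production", strings); }
        catch (InvalidOperationException ex) { Console.WriteLine("startup blocked: " + ex.Message); }
    }
}
```

In an ASP.NET Core application the environment name and the connection strings would come from the host environment and the ConnectionStrings configuration section rather than from literals.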

Use Windows Authentication instead of SQL Server Authentication

If you are able to switch to Windows Authentication, the connection will automatically trust the server certificate without the need for TrustServerCertificate=True.

Just change the connection string to integrate Windows Auth:

"Server=myServer;Database=myDB;Integrated Security=True;"

This is more secure than blind certificate trust, but still requires configuring your SQL Server properly for Windows Auth.

Install a valid CA-signed certificate on SQL Server

The most robust solution is to install a valid SSL/TLS certificate on your SQL Server signed by a trusted certificate authority (CA). This will allow the .NET application to verify the certificate chain is valid without blindly trusting any cert.

If your SQL Server instance supports TLS 1.2, you can request a free certificate from a public CA like Let’s Encrypt. Otherwise, you must purchase a certificate from a trusted commercial CA.

With a valid CA-signed certificate installed on SQL Server, your ASP.NET Core application will connect successfully without any certificate errors.

Conclusion – Certificate Chain

In summary, the “not trusted” error occurs because SQL Server uses a self-signed certificate by default. You can either trust this cert blindly, switch to Windows Auth, or install a proper CA-signed certificate to resolve this issue when connecting from ASP.NET Core apps.


Reference: Pinal Dave (https://blog.sqlauthority.com)


1 Comment

  • Hi Pinal Dave,

    I’m having this error when trying to add/change some Power BI features. It always keeps showing “Pending Queries” and after opening the Query Editor, shows ErrorCode = -2146232060 (The certificate chain was issued by an authority that is not trusted).
    However I don’t understand where should I change the string presented in the 1st and 2nd solution…. Where should I paste it?
    Thank you in advance.
