SQL Server 2017 and TLS – client requirements


I am testing something around SSL\TLS and SQL Server 2017. I have enabled TLS on a test SQL Server instance by creating a self-signed cert and doing the required steps to add it to the Windows certificate store and then adding it to SQL Server in Configuration Manager. I have also set ‘Force Encryption’ to ‘On’, and restarted the service. So as far as I can ascertain that is enough to enable TLS on the SQL Server side.

For client applications on other computers connecting to the SQL Server instance I am confused as to what the connection string requirements are for connections using SqlClient. My understanding from reading up on it was that ‘TrustServerCertificate=true’ would have to be added to the connection string, but it seems possible to connect without that.

Is this because the certificate on the server is seen as being from a trusted authority?

How to solve:


Method 1

No, ‘TrustServerCertificate=true’ means more or less “ignore certification source verification”.

It’s used in environments like yours, when a self-signed certificate is used for encryption.
It’s better to use the certificate produced by a CA and distributed by your AD GPO.
In that case you don’t need to use ‘TrustServerCertificate=true’; but be sure to use in the connection string the FQDN of the server that is inside the certificate.
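
An added example, not part of the original answer or of SqlClient: a small Python audit of SqlClient-style connection strings against the advice above (no ‘TrustServerCertificate=true’, and a Data Source that matches a name inside the certificate). The host names, certificate names and function names are constructed, and the defaults assume System.Data.SqlClient (Encrypt and TrustServerCertificate both false when absent).

```python
import re

# Assumption: System.Data.SqlClient defaults when a keyword is absent.
DEFAULTS = {"encrypt": "false", "trustservercertificate": "false"}
# Documented synonyms of the Data Source keyword.
ALIASES = {"server": "data source", "address": "data source",
           "addr": "data source", "network address": "data source"}
TRUE = {"true", "yes"}  # boolean spellings SqlClient accepts for "on"


def parse(conn_str):
    """Split 'key=value;...' into a dict with lower-cased, alias-normalised keys."""
    opts = dict(DEFAULTS)
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            key = key.strip().lower()
            opts[ALIASES.get(key, key)] = value.strip().strip("'\"")
    return opts


def host_of(data_source):
    """Drop a protocol prefix, a \\instance suffix and a ,port suffix."""
    host = re.sub(r"^(tcp|np|lpc):", "", data_source, flags=re.I)
    return re.split(r"[\\,]", host)[0].lower()


def audit(conn_str, cert_names):
    """Return findings for one connection string.

    cert_names: names in the server certificate (subject CN / SANs), compared
    exactly and case-insensitively; wildcard names are not expanded here.
    """
    opts = parse(conn_str)
    host = host_of(opts.get("data source", ""))
    findings = []
    if opts["encrypt"].lower() not in TRUE:
        findings.append("Encrypt is not true: encryption relies on the "
                        "server-side 'Force Encryption' setting")
    if opts["trustservercertificate"].lower() in TRUE:
        findings.append("TrustServerCertificate=true: certificate source "
                        "is not verified")
    if host not in {n.lower() for n in cert_names}:
        findings.append(f"Data Source host '{host}' is not a name in the certificate")
    return findings


# Constructed sample input: certificate names and two connection strings.
CERT_NAMES = ["sql01.corp.example"]
GOOD = "Data Source=sql01.corp.example,1433;Initial Catalog=app;Integrated Security=true;Encrypt=true"
WEAK = "Server=tcp:SQL01\\INST1;Database=app;TrustServerCertificate=True"
```

Here `audit(GOOD, CERT_NAMES)` returns no findings, while `audit(WEAK, CERT_NAMES)` reports all three.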


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
