SqlClient connection strings use Encrypt=False by default. This allows connections on development machines where the local server does not have a valid certificate.
SqlClient connection strings use Encrypt=True by default. This means that:
- The server must be configured with a valid certificate
- The client must trust this certificate
If these conditions are not met, then the
SqlException will be thrown.
If you use EF Core 7.0 (EF7), you may get the same error also due to the breaking change in Microsoft.Data.SqlClient package. You can get more detail info here:
There are three ways to proceed:
- Install a valid certificate on the server. Note that this is an involved process and requires obtaining a certificate and ensuring it is signed by an authority trusted by the client.
- If the server has a certificate, but it is not trusted by the client, then TrustServerCertificate=True allows bypassing the normal trust mechanisms.
- Explicitly add Encrypt=False to the connection string.
Please do not worry, all of our DB servers have a valid certificate installed. So if your application connects to your online DB on our end, you would not get such an issue. However, if your application is connected to an external DB server that does not have a valid certificate installed, then you will get sql exception as above.
You can safely trust the server certificate by adding TrustServerCertificate=True OR Encrypt=False in the database ConnectionString to wave such issue or contact your DB server provider to import a valid certificate to their DB server.