5

I created a simple .NET 7.0 app with SQL Server and if I use the default "localdb" or even after I change it to a "network server", I get the error below:

The certificate chain was issued by an authority that is not trusted.

My connection string is:

mysqlserver.com;Initial Catalog=db_database;User Id=db_admin;Password=pass123;Persist Security Info=True;Encrypt=true;TrustServerCertificate=yes

What am I doing wrong?

PS: With the above connection string I can scaffold the database.

Dale K
  • 25,246
  • 15
  • 42
  • 71
Fillo
  • 141
  • 1
  • 10
  • Does this answer your question? ["The certificate chain was issued by an authority that is not trusted" when connecting DB in VM Role from Azure website](https://stackoverflow.com/questions/17615260/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted-when-conn) – Ross Bush Nov 15 '22 at 20:13

4 Answers4

9

This is a breaking change in EF Core 7.0 as noted here: https://learn.microsoft.com/en-us/ef/core/what-is-new/ef-core-7.0/breaking-changes

You have two options. Option 1: Install a valid certificate on the server https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver16

Option 2: You need to add TrustServerCertificate to true or Encrypt=False. The downside with this option is you may leave the server in a potentially insecure state.

mysqlserver.com;Initial Catalog=db_database;User Id=db_admin;Password=pass123;Persist Security Info=True;Encrypt=true;TrustServerCertificate=true;
MGot90
  • 2,422
  • 4
  • 15
  • 31
Muhammad Riad
  • 120
  • 7
  • What have you changed? – Dale K Nov 15 '22 at 20:09
  • @DaleK - The original answer was a copy and paste of the original. I think it was edited to show the difference as an ';' at the end. – Ross Bush Nov 15 '22 at 20:10
  • 1
    I keep getting : SqlException: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) – Fillo Nov 15 '22 at 20:25
  • @dalek I added some more context to this answer. I hope it helps! – MGot90 Jan 18 '23 at 19:17
1

The easy fix is to set Encrypt=False; Please look at the link in the comment above. I ran across this a while back. A breaking change was introduced in Microsoft.Data.SqlClient. While making it more secure by default, the idea is that you now have to implicitly opt into a less secure connection by turning off Encrypt, which in the prior releases defaulted to false, if not set.

Ross Bush
  • 14,648
  • 2
  • 32
  • 55
1

add

TrustServerCertificate=true

end of ConnectionStrings in appsettings.json like this

"ConnectionStrings": { "abc": "Data Source = .;Initial Catalog=adsDB;Integrated Security=True;TrustServerCertificate=True"

}

Mohsen.bakhtiyariha
  • 65
  • 1
  • 2
0

This it what worked for me.

The full Connection string:

"Server=mysqlserver.com;Initial Catalog=MyDatabase;User Id=yoursername;Password=yourpassword;Integrated security=false;MultipleActiveResultSets=true";

Fillo
  • 141
  • 1
  • 10