SQL: (SQL Server) The certificate chain was issued by an authority that is not trusted

Are you trying to connect to a SQL Server instance and ending up with the error:

The certificate chain was issued by an authority that is not trusted

You aren't alone.

SQL Server 2005 introduced authentication encryption (by default) in the SQL Native Access Client (SNAC). SQL Server will self-generate a certificate that's then used unless you replace it with your own certificate.

If you do use your own SSL (Secure Sockets Layer) certificate for SQL Server, unless it's a publicly trusted certificate, your client system will need to trust that certificate. Generally that means that you'll need to list your own certificate authority (CA) as a trusted publisher on each of your client systems. Then that would work well.

And that's often the problem that causes the above issue.

Trusting the Server

But what if you just want to trust the certificate that was self-signed by the server? Well there's an option for that (Trust server certificate), in the Options section of the connection dialog:

Chances are that if you just check that box, you'll then be fine.

Note that there's also an option to turn off encryption (by unchecking Encrypt connection). While it would also "fix" the issue, that's not the best option to choose here.

And I'm posting this so that one day in the future when I forget what this was about, I'll find this post.

2 thoughts on “SQL: (SQL Server) The certificate chain was issued by an authority that is not trusted”

  1. I keep reading that this isn't a good idea on a production server, but if the connection is encrypted anyway… What could be the problem with ticking that box?

    1. Hi Celso, totally depends upon your level of concern. If all you want is to ensure the authentication is encrypted, then it's just fine. If you want to guarantee you're talking to the server you think you're talking to, you need to install a real SSL certificate that's already trusted.

      Regards,

      Greg

Leave a Reply

Your email address will not be published. Required fields are marked *