Skip to main content

Provider: SSL Provider, Error: 0 - The certificate chain was issued by an untrusted authority.

When I was writing a .NET6 API today, I used the Dapper framework to configure the database connection. After configuring it, an error occurred when connecting to the DB. I found that the error was caused by Microsoft.Data.SqlClient. Using System.Data.SqlClient worked fine. Access, the error message is as follows:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an untrusted authority.)"

System.Data.SqlClient is the ADO.NET legacy provider used by the .NET Framework.
The Microsoft.Data.SqlClient package was released in 2019 and is a new package that supports both .NET Core and .NET Framework.

After consulting the information online, I found that the default encryption value of the Microsoft.Data.SqlClient package is True when connecting to the database, so the server TLS/SSL certificate will be verified, resulting in an error: the certificate chain is issued by an untrusted issuing authority. of.

Option One:

In fact, the solution is very simple. You only need to add the Encrypt=false; string after the DB link string to solve the problem.

//Example: Adding encryption=false to the end of the DB link string.
"ConnectionStrings": {
    "Default": "Data Source=.;Initial Catalog=AuoUserdata;User Id=sa;Password=sa123;Trusted_Connection=True;Encrypt=false;"
}

Microsoft official documentation explains:

The default value of the connection setting has been false changed from to true . With the growing use of cloud databases and the need to ensure those connections are secure, it's time for this backwards-compatibility-breaking change.

The default value for connection settings has been changed from false to true. With the increasing use of cloud databases and the need to secure these connections, it's time for this backwards compatibility breaking change.

Portal: Microsoft.Data.SqlClient 4.0 new feature - encryption default value set to true

Option II:

Because the Microsoft.Data.SqlClient connection database will verify the server TLS/SSL certificate by default, we only need to add automatic trust server security to skip verifying the certificate.

//Example: Adding trustServerCertificate=true to the end of the DB link string.
"ConnectionStrings": {
    "Default": "Data Source=.;Initial Catalog=AuoUserdata;User Id=sa;Password=sa123;trustServerCertificate=true;"
}

trustServerCertificate

True if server Transport Layer Security (TLS) (formerly Secure Sockets Layer (SSL)) certificates should be automatically trusted when using the TLS encrypted communication layer. Otherwise false.

Remark

If the trustServerCertificate property is set to true, the SQL Server TLS/SSL certificate is automatically trusted when using the TLS encrypted communication layer. In other words, the Microsoft JDBC Driver for SQL Server will not verify SQL Server TLS/SSL certificates. The default value is false.

If the trustServerCertificate property is set to false, the Microsoft JDBC Driver for SQL Server will verify the server TLS/SSL certificate.

Portal: setTrustServerCertificate method