You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/connect/odbc/connection-troubleshooting.md
+12-7Lines changed: 12 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,17 +8,22 @@ ms.service: sql
8
8
ms.subservice: connectivity
9
9
ms.topic: conceptual
10
10
---
11
-
# Connection Encryption Troubleshooting
11
+
# Troubleshooting connection encryption problems
12
12
13
-
### SSL Provider: The certificate chain was issued by an authority that is not trusted.
14
-
Connection encryption is enabled by default in version 18 and newer. Users may see this error if the SQL Server isn't configured to use certificates. To configure connection encryption for the server, see [Configure SQL Server Database Engine for encrypting connections](../../database-engine/configure-windows/configure-sql-server-encryption.md).
13
+
**If you see "SSL Provider: The certificate chain was issued by an authority that is not trusted." or "SSL routines::certificate verify failed: unable to get local issuer certificate" in your error:**
15
14
16
-
Users can also choose to set the `Encrypt` connection string keyword to `no`/`optional` to disable connection encryption to match the default behavior prior to version 18. In the DSN Configuration UI, this option is set using the `Connection Encryption` dropdown. If connection encryption is desired, `TrustServerCertificate` can also be set to `yes` to skip server certificate validation.
15
+
- Connection encryption is enabled by default in version 18 and newer. Users switching from previous versions of ODBC may see these errors if connection encryption was previously not used.
16
+
- Users can also choose to set the `Encrypt` connection string keyword to `no`/`optional` to disable connection encryption to match the default behavior prior to version 18. In the DSN Configuration UI, this option is set using the `Connection Encryption` dropdown.
17
+
- If connection encryption is desired, `TrustServerCertificate` can also be set to `yes` to skip server certificate validation.
17
18
18
-
### SSL Provider: The target principal name is incorrect.
19
-
Users may see this error if the host name in the certificate returned by the server doesn't match what is expected. By default, the server name is used to check against the certificate. The `HostNameInCertificate` keyword can be used to specify the name expected from the server certificate. Alternatively, a certificate can also be specified to match and verify the returned server certificate against by using the `ServerCertificate` keyword (v18.1+). For more information, see [DSN and Connection String Keywords and Attributes](dsn-connection-string-attribute.md).
19
+
**If you see "SSL Provider: The target principal name is incorrect." or "SSL routines::certificate verify failed:subject name does not match host name" in your error:**
20
20
21
-
You may also use `TrustServerCertificate` to skip server certificate validation.
21
+
- Users may see this error if the host name in the certificate returned by the server doesn't match what is expected. By default, the server name is used to check against the certificate.
22
+
- The `HostNameInCertificate` keyword can be used to specify the name expected from the server certificate.
23
+
- Alternatively, a certificate can also be specified to match and verify the returned server certificate against by using the `ServerCertificate` keyword (v18.1+).
24
+
- You may also use `TrustServerCertificate` to skip server certificate validation.
25
+
26
+
For more information, see [DSN and Connection String Keywords and Attributes](dsn-connection-string-attribute.md).
0 commit comments