Connecting/dialog docs update 18.1

Author: v-kevinwong

docs/connect/odbc/linux-mac/connection-string-keywords-and-data-source-names-dsns.md

@@ -2,7 +2,7 @@
 title: Connecting from Linux or macOS
 description: Learn how to create a connection to a database from Linux or macOS using the Microsoft ODBC Driver for SQL Server.
 ms.custom: ""
-ms.date: 02/15/2022
+ms.date: 08/08/2022
 ms.prod: sql
 ms.prod_service: connectivity
 ms.reviewer: ""
@@ -111,28 +111,30 @@ Regardless of the settings for **Encrypt** and **TrustServerCertificate**, the s
 | Yes | No  | Yes | Server certificate is checked.<br/>Data sent between client and server is encrypted. |
 | Yes | Yes | Yes | Server certificate isn't checked.<br/>Data sent between client and server is encrypted. |
 
-When using connection encryption, the name (or IP address) in a Subject Common Name (CN) or Subject Alternative Name (SAN) in a SQL Server TLS/SSL certificate should exactly match the server name (or IP address) specified in the connection string.
+When using connection encryption, the name (or IP address) in a Subject Common Name (CN) or Subject Alternative Name (SAN) in a SQL Server TLS/SSL certificate should exactly match the server name (or IP address) specified in the connection string. The `HostnameInCertificate` keyword (v18.0+) can be used to specify an alternate name used to match against the names in the TLS/SSL certificate. When the keyword is specified, the SQL Server TLS/SSL certificate must match either one of the server name, or the `HostnameInCertificate`.
 
 By default, encrypted connections always verify the server's certificate. However, if you connect to a server that has a self-signed certificate, and aren't using strict encryption mode, you can add the `TrustServerCertificate` option to bypass checking the certificate against the list of trusted certificate authorities:  
 
 ```ini
 Driver={ODBC Driver 17 for SQL Server};Server=ServerNameHere;Encrypt=YES;TrustServerCertificate=YES  
 ```
 
-In strict encryption mode, the certificate is always verified. <br/><br/>
+In strict encryption mode, the certificate is always verified. As an optional alternative to standard certificate verification, the `ServerCertificate` keyword (v18.1+) can be used to specify the path to a certificate file to match against the SQL Server certificate. This option is only available when using strict encryption. The accepted certificate formats are PEM, DER, and CER. If specified, the SQL Server certificate is checked by seeing if the `ServerCertificate` provided is an exact match.<br/><br/>
 TLS on Linux and macOS uses the OpenSSL library. The following table shows the minimum supported versions of OpenSSL and the default Certificate Trust Store locations for each platform:
 
 |Platform|Minimum OpenSSL Version|Default Certificate Trust Store Location|  
 |------------|---------------------------|--------------------------------------------|
-|Debian 10|1.1.1|/etc/ssl/certs|
+|Debian 10, 11|1.1.1|/etc/ssl/certs|
 |Debian 9|1.1.0|/etc/ssl/certs|
 |Debian 8.71|1.0.1|/etc/ssl/certs|
 |OS X 10.11, macOS|1.0.2|/usr/local/etc/openssl/certs|
+|Red Hat Enterprise Linux 9|3.0.1|/etc/pki/tls/cert.pem|
 |Red Hat Enterprise Linux 8|1.1.1|/etc/pki/tls/cert.pem|
 |Red Hat Enterprise Linux 7|1.0.1|/etc/pki/tls/cert.pem|
 |Red Hat Enterprise Linux 6|1.0.0-10|/etc/pki/tls/cert.pem|
 |SUSE Linux Enterprise 15|1.1.0|/etc/ssl/certs|
 |SUSE Linux Enterprise 11, 12|1.0.1|/etc/ssl/certs|
+|Ubuntu 22.04|3.0.2|/etc/ssl/certs|
 |Ubuntu 20.04, 21.04, 21.10 |1.1.1|/etc/ssl/certs|
 |Ubuntu 18.04|1.1.0|/etc/ssl/certs|
 |Ubuntu 16.04, 16.10, 17.10|1.0.2|/etc/ssl/certs|

docs/connect/odbc/windows/dsn-wizard-4.md

@@ -2,7 +2,7 @@
 description: Learn how to define advanced options in the Data Source Wizard to create a new ODBC connection to SQL Server.
 title: Data Source Wizard Screen 4 (ODBC Driver for SQL Server)
 ms.custom: ""
-ms.date: 02/15/2022
+ms.date: 08/08/2022
 ms.prod: sql
 ms.prod_service: connectivity
 ms.reviewer: ""
@@ -34,6 +34,10 @@ Declares the connection encryption mode to be used when connections are made usi
 
 This option is applicable only when **Use strong encryption for data** is enabled (ODBC Driver 17 and older), or when **Connection Encryption** is set to **Optional** or **Mandatory** (ODBC Driver 18 and newer). When selected, the server's certificate won't be validated to have the correct hostname of the server and be issued by a trusted certificate authority. The server's certificate will always be validated when using the **Strict** encryption mode.
 
+### Server certificate (optional)
+
+Specifies the server certificate (PEM, DER, or CER format) to match against the certificate returned by the server during encryption negotiation. When specified, certificate validation is done by checking if the server's certificate is an exact match against the certificate specified. The **Hostname in certificate** option is ignored when a server certificate is specified. This option is applicable only when **Connection Encryption** is set to **Strict** and is available in ODBC Driver 18.1 and newer.
+
 ### Hostname in certificate (optional)
 
 Specifies the hostname to be used when validating the server's certificate. When left blank, the server name is used as the hostname for validation. A hostname can only be specified when **Trust server certificate** is unselected. This option is available in ODBC Driver 18 and newer.

docs/connect/odbc/windows/sql-server-login-dialog.md

@@ -2,7 +2,7 @@
 title: "SQL Server Login Dialog Box (ODBC)"
 description: "The SQL Server Login dialog may appear when an application makes an ODBC connection without specifying enough information to connect to the database."
 ms.custom: ""
-ms.date: "02/15/2022"
+ms.date: "08/08/2022"
 ms.prod: sql
 ms.prod_service: connectivity
 ms.reviewer: v-davidengel
@@ -99,6 +99,10 @@ When selected, data that is passed through the connection will be encrypted. Log
 
 Declares the connection encryption mode to be used. Selecting the **Optional** or **Mandatory** option is equivalent to having **Use strong encryption for data** unselected or selected, respectively. When **Strict** is used, the connection will be encrypted using TDS 8.0. This option is available in ODBC Driver 18 and newer.
 
+### Server certificate (optional)
+
+Specifies the server certificate (PEM, DER, or CER format) to match against the certificate returned by the server during encryption negotiation. When specified, certificate validation is done by checking if the server's certificate is an exact match against the certificate specified. The **Hostname in certificate** option is ignored when a server certificate is specified. This option is applicable only when **Connection Encryption** is set to **Strict** and is available in ODBC Driver 18.1 and newer.
+
 ### Hostname in certificate (optional)
 
 Specifies the hostname to be used when validating the server's certificate. When left blank, the server name is used as the hostname for validation. A hostname can only be specified when **Trust server certificate** is unselected. This option is available in ODBC Driver 18 and newer.