2

The certificate chain was issued by an authority that is not trusted

When using a powershell script to login to the database. I have bound a let's encrypt wildcard certificate to the SQL server. Using ;TrustServerCertificate=true cannot be done for the current use. Any reason why this error even after using a trusted cert?

Tried using a let's encrypt wild card cert for SQL cert but got the same error. Was expecting the powershell script to login to the database.

Dale K
  • 25,246
  • 15
  • 42
  • 71
Harsh
  • 21
  • 1
  • Did you check this question: https://stackoverflow.com/questions/17615260/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted-when-conn – Victor Silva May 26 '23 at 21:21
  • Yes, based on that answers, I tried using a let's encrypt wild card cert but still have the same issue – Harsh May 26 '23 at 21:24
  • 2
    To validate a certificate, you need to validate the _fully-qualified name_ of the server. So instead of just `DBServer`, it's needs to be something like `DBServer.example.org`. You need to this as part of both the connection string and the configured name on the server. – Joel Coehoorn May 26 '23 at 21:27
  • The signing encryption mode of the certificate may not be supported on older OS. What OS are you using? – jdweng May 26 '23 at 23:32
  • In order to trust the Let's Encrypt certificate the client computers have to trust Let's Encrypt itself. Is the client computer fully up to date with Windows Updates? If you open "Manage computer certificates" and go to Trusted Root Certification > Certificates is the Let's Encrypt root certificate present (this should be "DST Root CA X3" according to the diagram at https://letsencrypt.org/certificates/, but looking at a certificate I have to hand its root is "ISRG Root X1"). – AlwaysLearning May 27 '23 at 00:37
  • @JoelCoehoorn Thank you so much, it worked!! @ jdweng it is Windows 2022 Datacenter @ AlwaysLearning Both are/were present in Trusted Root Certification. Thank you all for your help! – Harsh May 28 '23 at 21:48

0 Answers0