The certificate chain was issued by an authority that is not trusted
When connecting to a database (DB) in a Virtual Machine (VM) role from an Azure website, you may encounter the error message: "The certificate chain was issued by an authority that is not trusted." This error occurs because the VM's SQL Server doesn't have a Certificate Authority (CA)-signed certificate installed in its trusted root store.
To resolve this issue, you can take the following steps:
Option 1: Set Encrypt to False
In the connection string, you can set the Encrypt parameter to False. However, this is not recommended as it compromises the security of your connection.
Option 2: Set TrustServerCertificate to True
You can add TrustServerCertificate=True to the connection string. This tells the SQL Server to trust any server certificate by default, even if it's not CA-signed. However, this is also not recommended as it reduces the security of your connection.
Recommended Solution: Install a Proper Certificate
The best long-term solution is to obtain a CA-signed certificate from a trusted CA, such as Let's Encrypt. Once you have the certificate, install it on the VM's SQL Server. Remember to set up automatic certificate renewal to ensure the certificate remains valid.
By following these steps, you can resolve the error and establish a secure connection between your Azure website and the DB in the VM role.
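As an added example (not part of the original page), the Python script below audits ADO.NET-style connection strings for the two workarounds from Options 1 and 2, so that they can be caught in a configuration review once a proper certificate is installed. The function names parse_connection_string and audit, the host names and the sample strings are constructed for illustration.

```python
import re

# key=value pairs separated by ';'; a value may be quoted and then contain ';'
PAIR = re.compile(r'''\s*([^=;]+?)\s*=\s*("(?:[^"]|"")*"|'(?:[^']|'')*'|[^;]*)\s*(?:;|$)''')

TRUE_VALUES = {"true", "yes"}
# "optional" is the newer Microsoft.Data.SqlClient spelling of Encrypt=False
FALSE_VALUES = {"false", "no", "optional"}


def parse_connection_string(conn_str):
    """Return {key: value}. Keys are lower-cased with spaces removed, so
    'Trust Server Certificate' and 'TrustServerCertificate' are the same key.
    When a key is repeated, the last occurrence wins."""
    settings = {}
    for match in PAIR.finditer(conn_str):
        key = match.group(1).lower().replace(" ", "")
        value = match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # drop the surrounding quotes
        settings[key] = value
    return settings


def audit(conn_str):
    """Return a list of findings; an empty list means neither workaround is set."""
    settings = parse_connection_string(conn_str)
    findings = []
    if settings.get("encrypt", "").lower() in FALSE_VALUES:
        findings.append("Encrypt is off: the client does not require TLS")
    if settings.get("trustservercertificate", "").lower() in TRUE_VALUES:
        findings.append("TrustServerCertificate is on: the certificate chain is not validated")
    return findings


# Constructed sample connection strings (not taken from a real deployment).
SAMPLES = {
    "option 1": "Server=tcp:sqlvm.example.test,1433;Database=app;Encrypt=False",
    "option 2": "Data Source=sqlvm.example.test;Encrypt=True;Trust Server Certificate=yes",
    "recommended": "Server=sqlvm.example.test;Encrypt=True;TrustServerCertificate=False",
    "quoted value": "Server=sqlvm.example.test;Password='p;Encrypt=False';Encrypt=True",
}

if __name__ == "__main__":
    for name, conn_str in SAMPLES.items():
        print(f"{name}: {audit(conn_str) or 'ok'}")
```

A string that sets neither keyword produces no finding, because the default for Encrypt depends on the client library in use.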
Additional Information
- For more information on using Let's Encrypt certificates with SQL Server, refer to the official documentation: Using Encryption Without Validation.
- If you're using Visual Studio and encountering this error when connecting to a data source, go to Advanced and set TrustServerCertificate=True.
- For SSMS users, adding TrustServerCertificate=True to the Additional Connection Parameters should resolve the issue.
- In SQL Management Studio, navigate to connection properties and enable the "Trust server certificate" option.
- If you're using Data Connections in Visual Studio 2015 and encountering the error, go to Advanced and set TrustServerCertificate=True.
- You can also try running SSMS or other tools as an administrator to resolve the issue.