IIS 7 and Above
Configuration & Scripting
Last post May 21, 2020 02:23 AM by Jalpa Panchal
May 20, 2020 01:56 AM|Roemesh|LINK
I set TrustServerCertificate=false; Encrypt=True" in webconfig and using sql server TLS certificate getting error message
<add name="SQLConnectionString" providerName="System.Data.SqlClient" connectionString="Server=xxx;Database=xxx;User ID=xxxx;Password=xxx1;MultipleActiveResultSets=True;Use Encryption for Data=True; TrustServerCertificate=false; Encrypt=True" />
May 21, 2020 02:23 AM|Jalpa Panchal|LINK
When TrustServerCertificate is false and Encrypt is true, the server name (or IP address) in a SQL Server SSL certificate must exactly match the server name (or IP address) specified in the connection string. Otherwise, the connection attempt will fail.
In other words, the only security check that's being done with the combination of "encrypt=true;trustservercertificate=false" is to see if the certificate hostname matches the hostname of the server you're trying to connect to.
trustservercertificate=false won't accept self-signed certificates so the certificate must still be signed by a known/trusted CA.
so to resolve the issue set the TrustServerCertificate=true.