If you create a regular Azure SQL database and go to the "Connection strings" tab in the portal, all the connection strings have the TrustServerCertificate=False parameter. Why is that? Microsoft doesn't trust its own certificates?
Update: I guess it's just poor naming. Found this in the official documentation:
When TrustServerCertificate is set to true, the transport layer will use SSL to encrypt the channel and bypass walking the certificate chain to validate trust. If TrustServerCertificate is set to true and encryption is turned on, the encryption level specified on the server will be used even if Encrypt is set to false. The connection will fail otherwise.
CodePudding user response:
TrustServerCertificate=true means the client will trust the certificate it gets from SQL Server without fully verifying it. And this is obviously a bad thing, so always use TrustServerCertificate=false.
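To check existing configuration for the setting discussed above, here is an added example (not part of the original question or answer) that audits ADO.NET-style connection strings and flags disabled certificate validation or encryption. The finding codes, function names and sample strings are assumptions made for illustration, and the parser does not handle quoted values containing semicolons.

```python
# Added example: audit ADO.NET-style SQL connection strings for weak TLS settings.
TRUE_VALUES = {"true", "yes"}
# Named Encrypt values accepted by newer Microsoft.Data.SqlClient releases.
ENCRYPT_ON = TRUE_VALUES | {"mandatory", "strict"}


def parse_connection_string(conn_str):
    """Split 'Key=Value;...' into a dict keyed by normalized keyword.

    Simplified: quoted values that contain ';' are not handled.
    """
    settings = {}
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if not sep:
            continue
        # Keywords are case-insensitive and some clients accept a spaced form
        # ("Trust Server Certificate"), so normalize before comparing.
        settings[key.strip().lower().replace(" ", "")] = value.strip()
    return settings


def audit(conn_str):
    """Return a list of (code, message) findings; empty means no issue found."""
    s = parse_connection_string(conn_str)
    findings = []
    if s.get("trustservercertificate", "false").lower() in TRUE_VALUES:
        findings.append(("TRUST_ANY_CERT",
                         "server certificate accepted without chain validation"))
    encrypt = s.get("encrypt")
    if encrypt is None:
        findings.append(("ENCRYPT_UNSET",
                         "Encrypt not set; the default depends on the driver"))
    elif encrypt.lower() not in ENCRYPT_ON:
        findings.append(("ENCRYPT_OFF", "client does not require encryption"))
    return findings


# Constructed sample strings (server, database and user names are placeholders).
SAMPLES = {
    "portal-style": "Server=tcp:example.database.windows.net,1433;"
                    "Initial Catalog=appdb;User ID=app;Password=<placeholder>;"
                    "Encrypt=True;TrustServerCertificate=False;",
    "weak": "Server=tcp:example.database.windows.net,1433;Database=appdb;"
            "Encrypt=false;Trust Server Certificate=yes",
}

if __name__ == "__main__":
    for name, cs in SAMPLES.items():
        print(name, [code for code, _ in audit(cs)] or "ok")
```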