Skip to content

Latest commit

 

History

History
53 lines (38 loc) · 2.81 KB

certificate-chain-was-issued-by-authority-not-trusted.md

File metadata and controls

53 lines (38 loc) · 2.81 KB
title description type page_title slug position tags res_type
The certificate chain was issued by an authority that is not trusted
Learn how to troubleshoot the issue where the Query Builder cannot open when using the new SqlClient data provider in Visual Studio Report Designer.
troubleshooting
An error occurred during the login process - Authority not trusted
certificate-was-issued-by-authority-not-trusted
SqlDataSource, MSSQL Server, Microsoft.Data.SqlClient, Query Builder, Query Designer
kb

Environment

Product Progress® Telerik® Reporting
Component SqlDataSource

Description

When attempting to use the [Query Designer]({%slug telerikreporting/designing-reports/report-designer-tools/desktop-designers/tools/data-source-wizards/sqldatasource-wizard/query-designer-in-the-standalone-designer%}) in the [Visual Studio Report Designer]({%slug telerikreporting/designing-reports/report-designer-tools/desktop-designers/visual-studio-report-designer/overview%}) or in the other [Report Designers]({%slug telerikreporting/designing-reports/report-designer-tools/overview%}) when explicitly having selected the Microsoft.Data.SqlClient data provider, the connection fails during the login process.

Error Message

SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]

Cause

In versions 4.0.0 or newer of the Microsoft.Data.SqlClient data provider, the default value of the Encrypt connection setting has been changed from false to true as an attempt to improve the security with the default settings.

Solution

Short-term Solution

UseTrustServerCertificate=True in the connection string. The SQL Server will create a self-signed certificate if you don't install one for it to use, but it won't be trusted by the caller since it's not CA-signed, unless you tell the connection string to trust any server cert by default.

Long-term Solution

Install a CA-signed certificate from a trusted CA such as Let's Encrypt`.

See Also