This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 74%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Hi all,
I have installed SQL Server instance in Windows and enabled SSL connections. Now I have installed ODBC SQL Server Native Client on Rhel 9 VM and configured a DSN in system_odbc.ini like:
[store_nativedr]
Driver=/F6/CA/siteminder/native/odbc/lib/libmsodbcsql.so
Description=Microsoft ODBC Driver 18 for SQL Server
Database=store_1
Server=xx.xxx.xx.xx,1433
Trusted_Connection=No
TrustServerCertificate=No
Encrypt=Yes
HostnameInCertificate=XXX
When I installed the Server root certificate in the location /etc/pki/ca-trust/source/anchors/ and run the command update-ca-trust, connection between SQL Server and ODBC client was successful[was testing the connection using isql command]
But now, if I just the append the DSN property "ServerCertificate" along with certificate path ,connection between SQL Server is failing:
ServerCertificate=/opt/config/odbcssl/<certname.cer>
with the error:
[08001][unixODBC][Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:unable to get local issuer certificate]
[08001][unixODBC][Microsoft][ODBC Driver 18 for SQL Server]Client unable to establish connection. For solutions related to encryption errors, see https://go.microsoft.com/fwlink/?linkid=2226722
cert path provide by the property ServerCertificate is not considered
As per the documentation, DSN property ServerCertificate is supported in the 18+ version of "Microsoft ODBC Driver 18 for SQL Server" .
Is there a way to point Server certificate to a location other than "/etc/pki/ca-trust/source/anchors/" as I need to do the similar setup in Docker container where I won't be having root privileges to run update-ca-trust command?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOF%3C/text%3E%3C/svg%3E)
Hi @srikanth G
The tag SQL Server Open Specifications is dedicated to supporting issues related to open specifications. You can find open specifications here https://learn.microsoft.com/en-us/openspecs/
You inquiry is not related to open specifications. I have removed the SQL Server Open Specifications tag from your post and have added SQL Server tag where you will have a better chance to get an answer to your question.
Regards,
Obaid Farooqi - MSFT
Hi,Srikanth GFrom the information you provided, there seems to be no issue with the DSN configuration. Is the certificate you provided self-signed? If this issue cannot be resolved, it is recommended to set TrustServerCertificate to YES.
Yes , I am using self-signed certificate, and do you see any issues using self-signed certificates for this configuration? Yeah, I already checked the connection by setting TrustServerCertificate to YES and it works fine. But in that case it just skip the certificate validation. However our intention is to validate the certificate.
Please let me know if you need more details and I really appreciate your prompt response, as I was working on this for sometime. Thanks.
Hi,Srikanth G
Please refer to Breaking Changes in the article; you might find the corresponding countermeasures.