I am unable to connect on the SQL server

Question

I've already contacted Windows support and they are only have limited resources and only found out the root cause of the issue.

They said that the SSMS has an error means that the client tried to establish an encrypted connection, but the SSL cetificate presented by the SQL server is not trusted. In other words, the certificate chain does not match a trusted Certified Authority (CA) on my machin.

Please help me with this for having match trusted CA in order for me to connect SQL server.

Answer 1

Hi @Sakthi N

This issue occurs because the SQL Server certificate is not trusted by your machine.

First try to fix this, in SSMS - Options - Connection Properties - check “Trust server certificate” and connect.

Still it not works then try to fix in this way. Export the SQL Server certificate and install it on your client machine under Trusted Root Certification Authorities so the certificate becomes trusted.

That’s it use the quick fix to connect now, and the proper fix for a permanent solution.

Thanks,
Akhil.

Answer 2

The error occurs because the SQL Server is using a certificate that the client machine does not trust. To resolve this, either establish trust for the server’s certificate authority on the client or configure the client to trust the server certificate without validation.

Use one of these approaches:

1. Install the server’s CA certificate on the client (recommended)

This makes the certificate chain trusted and fixes the error correctly.

1. On the SQL Server machine, export the server certificate:
   1. Run MMC (Microsoft Management Console).
   2. Add the Certificates snap-in for the Computer account.
   3. Expand Personal → Certificates.
   4. Right-click the SQL Server certificate → All Tasks → Export.
   5. In the Certificate Export Wizard:
      • Choose No, do not export the private key.
      • Choose DER encoded binary X.509 (.CER) or Base-64 encoded X.509 (.CER).
      • Specify a file name (for example, caCert.cer) and finish the export.
2. On the client machine (where SSMS or the app runs), install the CA certificate into Trusted Root Certification Authorities:
   1. Run MMC and add the Certificates snap-in for Computer account.
   2. Expand Certificates (Local Computer) → Trusted Root Certification Authorities.
   3. Right-click Certificates → All Tasks → Import.
   4. In the Certificate Import Wizard:
      • Browse to the exported caCert.cer file.
      • Accept the default certificate store (Trusted Root Certification Authorities).
      • Complete the wizard.
3. Retry the connection from SSMS or the client application. The certificate chain should now be trusted and the encrypted connection should succeed.
4. Trust the server certificate from the client (less secure)

If using a self-signed certificate or cannot install the CA root, configure the client to trust the server certificate without validating the chain:

• In SSMS: In Connect to Server → Options → Connection Properties, select Trust server certificate and then connect.
• In application connection strings (for SqlClient or similar): set TrustServerCertificate=true.

This bypasses CA validation and is less secure; it should not be used in production or on internet-facing servers.

3. If encryption is not required

If encrypted connections are not needed and the current configuration is accidental:

1. Disable encryption in the client connection settings.
2. On SQL Server, disable server-side encryption using SQL Server Configuration Manager (turn off Force Encryption).

Note: Disabling encryption or blindly trusting certificates reduces security and should be evaluated carefully.

---

References:

• "The certificate received from the remote server was issued by an untrusted certificate authority" error when you connect to SQL Server
• Connect with SQL Server Management Studio
• SqlClient troubleshooting guide
• Transport Layer Security and digital certificates