I am testing something around SSL\TLS and SQL Server 2017. I have enabled TLS on a test SQL Server instance by creating a self-signed cert and doing the required steps to add it to the Windows certificate store and then adding it to SQL Server in Configuration Manager. I have set also 'Force Encryption' to 'On', and restarted the service. So as far as I can ascertain that is enough to enable TLS on the SQL Server side.
For client applications on other computers connecting to the SQL Server instance I am confused as to what the connection string requirements are for connections using SqlClient. My understanding from reading up on it was that 'TrustServerCertificate=true' would have to be added to the connection string, but it seems possible to connect without that.
Is this because the certificate on the server is seen as being from a trusted authority?
Best Answer
no,
means more or less
ignore certification source verification
It's used in env like your when a self-signed certificate is used for encryption. It's better to use the certificate produced by a CA and distributed by your AD GPO. In that case you don't need to use 'TrustServerCertificate=true'; but be sure to use in the connection string the FQDN of the server that is inside the certificate.