TrustServerCertificate

Description

Specifies whether encryption occurs if there is no verifiable server certificate.

When to specify TrustServerCertificate

You must specify the TrustServerCertificate parameter before connecting to the database.

Applies to

SNC SQL Native Client for Microsoft SQL Server

MSOLEDBSQL Microsoft OLE DB Driver for SQL Server

ADO.NET SQL Server provider

Syntax

TrustServerCertificate=value

Parameter

Description

value

Specifies whether encryption occurs if there is no verifiable server certificate. The value of this parameter is ignored if the Encrypt DBParm is not set to 1. Values are:

  • 0

    (Default) Encryption occurs only if there is a verifiable server certificate, otherwise the connection attempt fails.

  • 1

    Encryption always occurs, but may use a self-signed server certificate.


Default value

TrustServerCertificate=0

Usage

SQL Server 2005 always encrypts network packets associated with logging in to the server. If no certificate is provided on the server when it starts up, SQL Server generates a self-signed certificate that is used to encrypt login packets.

SQL Server Configuration Manager can be used to configure the SQL Native Client to request an encrypted connection using the Secure Sockets Layer (SSL), and to accept a self-signed certificate without validation.

You can also request encryption by setting the Encrypt DBParm to 1, which sets the SQL Native Client connection string keyword Encrypt. To enable encryption to be used when a certificate has not been provided on the server, set both Encrypt=1 and TrustServerCertificate=1. The value of TrustServerCertificate is ignored if Encrypt is not set to 1.

Examples

To specify that PowerBuilder should encrypt data and accept the server certificate without validation:

  • Database profile

    Select the Encrypt Data and Trust Server Certificate check boxes on the System page in the Database Profile Setup dialog box.

  • Application

    Type the following in code:

    SQLCA.DBParm="Encrypt=1,TrustServerCertificate=1"

See also

Encrypt