Share via

Linkage issue to express 2017

Scott Huang 3,451 Reputation points
2026-04-29T03:53:13.83+00:00

Hi,

To Sql express 2017, I got the issue like

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Microsoft SQL Server, Error: -2146893019)

Connection Id a3273848-178c-4c7d-9a74-c77372dc86f0 at 2026-04-29 03:02:45Z

Any help?

SQL Server | Other

Answer accepted by question author

  1. Q&A Assist
    2026-04-29T03:53:30.5266667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The error indicates that the TLS certificate presented by SQL Server Express 2017 cannot be validated by the client because the issuing Certificate Authority (CA) is not trusted.

    This typically happens in these cases:

    1. SQL Server is using a certificate from a non‑trusted CA
      • The certificate was issued by an internal or self‑signed CA that is not in the client’s Trusted Root Certification Authorities store.
    2. SQL Server is using its self‑generated certificate and encryption is enforced
      • If “Force Encryption” is enabled on SQL Server and it uses a self‑signed certificate, clients must explicitly trust that certificate or its issuer.

    To fix it, use one of these supported approaches:

    1. Install a trusted certificate and CA
      • Configure SQL Server Express 2017 with a TLS certificate issued by a CA that is trusted by the client machines (for example, a corporate PKI or a public CA).
      • Ensure the issuing CA’s root certificate is present in the client’s Trusted Root Certification Authorities store.
    2. Trust the existing SQL Server certificate on the client
      • Export the current SQL Server TLS certificate.
      • Import it into the client’s Trusted Root Certification Authorities (or appropriate) certificate store so the chain becomes trusted.
    3. Use TrustServerCertificate (less secure)
      • In the connection string, set TrustServerCertificate=true so the client skips certificate chain validation. This is explicitly described as less secure and should only be used when acceptable by policy.
    4. Disable forced encryption (insecure)
      • If SQL Server has “Force Encryption” enabled, turning it off will avoid the TLS requirement, but this is considered insecure and not recommended.

    The recommended and most secure solution is to use a TLS certificate signed with at least SHA‑256 by a CA that the client trusts, and ensure that CA is in the client’s trusted root store.

    References:

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Erland Sommarskog 133.9K Reputation points MVP Volunteer Moderator
    2026-04-29T09:16:58.96+00:00

    I would assume that you are setting up the linked server on SQL 2025 which uses the MSOLEDBSQL19 provider for linked servers to other SQL Server instances. This provider defaults to requiring an encrypted connection.

    An easy way out is to set up the linked server this way:

    EXEC sp_addlinkedserver 'MYSERVER', '', 'MSOLEDBSQL19', @datasrc = 'SERVER\SQLEXPRESS', @provstr = 'TrustServerCertificate=yes'

    However, this opens for man-in-the-middle attacks; someone on your network could intercept the traffic between the servers. The proper solution is to user proper certificates which are trusted on the other side.

    One way to achieve this is to buy a certificate from a trusted provider whose root certificate is the Windows Trusted Certificate Store by default. You can also roll your own as described in this article: https://codekabinett.com/rdumps.php?Lang=2&targetDoc=create-install-ssl-tls-certificate-sql-server.

    Keep in mind that this is nothing that is specific for linked servers, but it applies to all connections to SQL Server in your organisation.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.