-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS connection issue due to incomplete certificate chain #264
Comments
Hello @Yannik, thank you for opening an issue. |
Hi @spetrosi This is the config I used:
Server OS: almalinux9. My computer (=control node) is running fedora 39. |
Could you also please share the error message you see when connecting to SQL Server? Can you please help explain more about the intermediate certificate issue you are talking about. If your client trusts the server certificate then you should not have an issue. |
Hi @amitkh-msft This is the error message:
The server cert is a normal certificate issued by a public CA. Does that help? That is like the 101 on how PKI works, and it does work without issue running mssql on windows. |
Hi,
I have configured mssql server with TLS using this role, however, connections from linux systems to the SQL server fail with a certificate validation error. This is most likely due to the intermediate certificate not being provided by the SQL server, and the certificate chain therefore being incomplete. (Note: connecting from windows works fine due to AIA-fetching).
Thus, my question is: how to configure this in a way that the intermediate certificate is correctly supplied by the mssql server?
I have tried configuring
mssql_tls_cert
to a file that contains both the intermediate and the server cert, but that didn't help.Best regards
Yannik
The text was updated successfully, but these errors were encountered: