
"The certificate chain was issued by an authority that is not trusted" when connecting DB in VM Role from Azure website


I am experiencing an error when connecting to my DB, which is in a VM Role (I have a SQL VM Role), from an Azure Website. Both the VM Role and the Azure Website are in the West zone. I am facing the following issue:

SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)

I am able to connect to my DB using SSMS. Port 1433 is open on my VM role. What is wrong with my connection?


Solution

  • This answer provides an explanation and a stopgap, but also offers some better recommendations, including purchasing and installing a proper certificate.

    Please see also the other highly voted answers in this thread, including this answer by Alex From Jitbit, about a breaking change when migrating from System.Data.Sql to Microsoft.Data.Sql (spoiler: Encrypt is now set to true by default).


    You likely don't have a Certificate Authority (CA)-signed certificate installed in your SQL VM's trusted root store.

    If you have Encrypt=True in the connection string, either set that to off (not recommended), or add the following in the connection string (also not recommended):

    TrustServerCertificate=True
    

    SQL Server will create a self-signed certificate if you don't install one for it to use, but it won't be trusted by the caller since it's not CA-signed, unless you tell the connection string to trust any server cert by default.

    Long term, I'd recommend leveraging Let's Encrypt to get a CA-signed certificate from a known trusted CA for free, and installing it on the VM. Don't forget to set it up to automatically refresh. You can read more on this topic in SQL Server Books Online under the topics "Encryption Hierarchy" and "Using Encryption Without Validation".
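
As an added example (not part of the original answer and not Microsoft tooling), this Python check flags the two stopgaps described above in ADO.NET-style connection strings, so they can be found and removed once a CA-signed certificate is installed. The `encrypt_default` parameter, the finding names, the sample strings and the key normalization (case-insensitive, spaces ignored) are assumptions made for illustration.

```python
import re

# key=value pairs separated by ';'; values may be single- or double-quoted.
_PAIR = re.compile(r"""\s*([^=;]+?)\s*=\s*("[^"]*"|'[^']*'|[^;]*)\s*(?:;|$)""")
_BOOL = {"true": True, "yes": True, "false": False, "no": False}

def parse_connection_string(conn_str):
    """Return options keyed by lowercased, space-stripped name (assumed normalization)."""
    opts = {}
    for key, value in _PAIR.findall(conn_str):
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop surrounding quotes
        opts[key.replace(" ", "").lower()] = value
    return opts

def _flag(opts, name, default):
    raw = opts.get(name)
    if raw is None:
        return default
    try:
        return _BOOL[raw.strip().lower()]
    except KeyError:
        raise ValueError(f"unrecognised value for {name}: {raw!r}")

def audit(conn_str, encrypt_default):
    """List findings. encrypt_default is the client library's default for
    Encrypt: False for the older client, True after the breaking change
    mentioned on this page."""
    opts = parse_connection_string(conn_str)
    findings = []
    if not _flag(opts, "encrypt", encrypt_default):
        findings.append("ENCRYPT_OFF")      # first stopgap: encryption not requested
    if _flag(opts, "trustservercertificate", False):
        findings.append("TRUST_ANY_CERT")   # second stopgap: chain validation skipped
    return findings

# Constructed sample connection strings (host names and credentials are placeholders).
SAMPLES = {
    "stopgap": "Server=tcp:sqlvm.example.test,1433;Database=app;Encrypt=True;TrustServerCertificate=True",
    "implicit": "Server=tcp:sqlvm.example.test,1433;Database=app;User ID=svc;Password='p;Encrypt=False'",
    "validated": "Server=tcp:sqlvm.example.test,1433;Database=app;Encrypt=True;TrustServerCertificate=False",
}

if __name__ == "__main__":
    for name, cs in SAMPLES.items():
        for default in (False, True):
            print(f"{name:10} encrypt_default={default!s:5} -> {audit(cs, default) or 'ok'}")
```

The same string can be clean under one client library and flagged under the other, which is why the default is passed in explicitly rather than assumed.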