EFCore.SqlServer 6.0.1 Untrusted certificate authority error

[ibrahim33]

Why is ef core trying to use ssl encrypted connection to connect to database when switching from 6.0.0 to 6.0.1?

When we update EntityFrameworkCore.SqlServer from Version 6.0.0 to Version 6.0.1 we cannot connect to our database anymore because of an untrusted certificate authority error.
It also happens when we try Scaffolding.
ConnectionString:
Data Source=localhost;Initial Catalog=local-Sales;Persist Security Info=True;User ID=sa;Password=sa-local-2019;

StackTrace:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)

When I add trustServerCertificate=true to the connection string it works again:
Data Source=localhost;Initial Catalog=local-Sales;Persist Security Info=True;User ID=sa;Password=sa-local-2019;trustServerCertificate=true
Did you made this change on purpose?
I cannot find anything about this change in the documents.

EF Core version: 6.0.1
Database provider: (e.g. Microsoft.EntityFrameworkCore.SqlServer)
Target framework: (e.g. .NET 6.0)
Operating system: Windows 10
IDE: Jetbrains Rider 2021.3.1

[ibrahim33]

It looks like this minor change contains a breaking change from Microsoft.Data.SqlClient 4.0
https://techcommunity.microsoft.com/t5/sql-server-blog/released-general-availability-of-microsoft-data-sqlclient-4-0/ba-p/2983346

[ErikEJ]

EF Core 6 does not depend on MDS 4.0!

You must have an explicit Dependency to that somewhere?

[ibrahim33]

The IDE says I have an implizit dependency from Microsoft.EntityFrameworkCore.SqlServer.
When I revert to Microsoft.EntityFrameworkCore.SqlServer Version 6.0.0 the connection works fine.

[ErikEJ]

Please share your csproj

[ibrahim33]

I won't be returning to work for the next two weeks.
If the problem still exists at that point I will post it.
Thanks for your replies and happy holidays.

[IeuanWalker]

@ErikEJ im having the same issue.

I've migrated from .net core 3.1 to .net 6 and started getting this error.

Downgrading down to 6.0.0 doesn't fix it.

[IeuanWalker]

@ErikEJ adding trustServerCertificate=true does fix it.

Is there an issue adding that in?

[ErikEJ]

@IeuanWalker not if you are on prem

[FM1973]

@ErikEJ what about sql azure?

[IeuanWalker]

@IeuanWalker not if you are on prem

Thanks, in this case we are on prem.

Few of our other services are azure based, not migrated them yet though so not sure if they will have the same issue

[opolo]

Hi there!

Just faced this issue too - we could no longer make new migrations and/or connect to local DBs, as this error then appeared.
I saw you asked earlier for a csproj file, here's ours:

`

<PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
</PropertyGroup>

<ItemGroup>
    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="6.0.0">
        <PrivateAssets>all</PrivateAssets>
        <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
    <PackageReference Include="Optional" Version="4.0.0" />
    <PackageReference Include="Serilog.AspNetCore" Version="4.1.0" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.0" />
</ItemGroup>

<ItemGroup>
    <ProjectReference Include="..\HoodHeroes.Widgets.Data\HoodHeroes.Widgets.Data.csproj" />
</ItemGroup>

`

and

`

<PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
</PropertyGroup>

<ItemGroup>
    <PackageReference Include="EFCore.BulkExtensions" Version="6.2.0" />
    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="6.0.0" />
    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="6.0.0">
        <PrivateAssets>all</PrivateAssets>
        <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.0" />
    <PackageReference Include="Microsoft.Extensions.Http" Version="6.0.0" />
</ItemGroup>

<ItemGroup>
  <ProjectReference Include="..\HoodHeroes.Common.Data\HoodHeroes.Common.Data.csproj" />
  </ItemGroup>

`

I believe that's all of the relevant ones. Hope it helps, and thanks for the work on EF Core - SQL would have been a pain without :)

I suspect its EFCore BulkExtensions here that refers o that, since the other packages are at 6.0.0 and not 6.0.1, as others pointed out was where the issue was introduced for them...

NB. Adding "trustServerCertificate=true" to our connection strings fixed our issues with not being able to connect to our DBs, when running our micro services locally :) Thanks for that tip!

[ErikEJ]

EFCore.Bulkextensions explicitly depends on SqlClient 4.0. It should not do that, that is why you are facing breaking changes.

I would ask the author to stop doing that, and just use the 2.1 version the EF Core SqlServer package depends on instead.
@borisdj

[borisdj]

SqlClient dependency down to 2.1
Published v6.2.8

[ibrahim33]

@ErikEJ Thank you for clarifying and @borisdj for the fix.

[borisdj]

@ErikEJ Does latest version of EF Core, being 6.0.5, now have dependency to Microsoft.Data.SqlClient 4.0?
Recently I have updated all nugets in Bulk lib. so to check if 6.0.5 can go with 4.0.

[ErikEJ]

No. It still depends on 2.1.4 as that was the most recent LTS release when 6.0 came out.

[borisdj]

So only EF Core 7 will have newer version ?

[ErikEJ]

Yes, EF Core 7 already uses version 5: https://github.com/dotnet/efcore/blob/main/src/EFCore.SqlServer/EFCore.SqlServer.csproj#L51

[304NotModified]

certificate chain was issued by an authority that is not trusted.

FYI, this is error code SEC_E_UNTRUSTED_ROOT 0x80090325

[Master2402]

You need to have a look at this :
https://learn.microsoft.com/en-us/ef/core/what-is-new/ef-core-7.0/breaking-changes#high-impact-changes

[goverdhanj]

Hi there!

Just faced this issue too - we could no longer make new migrations and/or connect to local DBs, as this error then appeared. I saw you asked earlier for a csproj file, here's ours:

`

<PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
</PropertyGroup>

<ItemGroup>
    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="6.0.0">
        <PrivateAssets>all</PrivateAssets>
        <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
    <PackageReference Include="Optional" Version="4.0.0" />
    <PackageReference Include="Serilog.AspNetCore" Version="4.1.0" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.0" />
</ItemGroup>

<ItemGroup>
    <ProjectReference Include="..\HoodHeroes.Widgets.Data\HoodHeroes.Widgets.Data.csproj" />
</ItemGroup>

`
and

`

<PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
</PropertyGroup>

<ItemGroup>
    <PackageReference Include="EFCore.BulkExtensions" Version="6.2.0" />
    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="6.0.0" />
    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="6.0.0">
        <PrivateAssets>all</PrivateAssets>
        <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.0" />
    <PackageReference Include="Microsoft.Extensions.Http" Version="6.0.0" />
</ItemGroup>

<ItemGroup>
  <ProjectReference Include="..\HoodHeroes.Common.Data\HoodHeroes.Common.Data.csproj" />
  </ItemGroup>

`

I believe that's all of the relevant ones. Hope it helps, and thanks for the work on EF Core - SQL would have been a pain without :)

I suspect its EFCore BulkExtensions here that refers o that, since the other packages are at 6.0.0 and not 6.0.1, as others pointed out was where the issue was introduced for them...

NB. Adding "trustServerCertificate=true" to our connection strings fixed our issues with not being able to connect to our DBs, when running our micro services locally :) Thanks for that tip!

Thank you very much Opolo! This worked for me:)