Azure SQL Database Error: TLS Handshake Failure after v12 Upgrade
Issue:
Following an upgrade to Azure SQL Database v12, users are encountering a TLS handshake failure with the error message: "TLS Handshake failed: x509: certificate is valid for tr12.northcentralus1-a.worker.database.windows.net, *.tr12.northcentralus1-a.worker.database.windows.net, not [server-name].database.windows.net."
Troubleshooting:
The connection string was the first suspect. However, it was identical in the local environment, where connections succeeded, and in the Azure Web App, where they failed.
Resolution:
The solution lay in modifying the connection parameters:
Final Connection String:
Server=[server-name].database.windows.net;Port=1433;Database=[dbname];User ID=[user];Password=[pass];Trusted_Connection=False;Encrypt=True;Connection Timeout=30;TrustServerCertificate=True;hostNameInCertificate=*.database.windows.net;
Explanation:
The TrustServerCertificate parameter controls whether the client trusts the server certificate presented by the Azure SQL Database service without validating it. Setting it to True makes the client accept the certificate as presented, so the connection proceeds even though the certificate is not issued for the server name given in the connection string.
The hostNameInCertificate parameter replaces the Server= host with the name that is checked against the server certificate, so the connection succeeds when the certificate is valid for that name. This addresses the mismatch between the names the certificate is issued for and the server name in the connection string.
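To make the two parameters concrete, the following is an added example in Go (the x509 error quoted above is the wording of Go's standard TLS stack), not code from the original article or from any Azure SQL driver. It builds a constructed, self-signed certificate carrying the two names from the error and checks candidate names against it with the standard library's VerifyHostname. The function names NewTestCert and CheckHostname, the host db01.tr12.northcentralus1-a.worker.database.windows.net, and the modelling of TrustServerCertificate=True as "skip validation entirely" are assumptions of the example; how a particular driver treats a wildcard in hostNameInCertificate is not shown on the page and is not assumed here. Under standard wildcard matching, the override value *.database.windows.net does not match the certificate's names either, so the final connection string connects only because TrustServerCertificate=True turns validation off, which also means a server impersonating the database would be accepted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// certSANs are the two names quoted in the article's x509 error. The
// certificate built below is a constructed, self-signed stand-in, not the
// real Azure SQL Database certificate.
var certSANs = []string{
	"tr12.northcentralus1-a.worker.database.windows.net",
	"*.tr12.northcentralus1-a.worker.database.windows.net",
}

// NewTestCert builds a self-signed certificate carrying certSANs as its
// Subject Alternative Names.
func NewTestCert() (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: certSANs[0]},
		DNSNames:     certSANs,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckHostname reproduces the name check a validating TLS client performs.
// name is the host compared against the certificate: the Server= host by
// default, or the hostNameInCertificate value when one is set.
// trustServerCertificate models TrustServerCertificate=True, which skips
// certificate validation (chain and hostname) entirely (assumption of this
// example, matching the documented meaning of the parameter).
func CheckHostname(cert *x509.Certificate, name string, trustServerCertificate bool) error {
	if trustServerCertificate {
		// No validation at all: any certificate, from any issuer, for any
		// name is accepted. This is what makes the article's final
		// connection string connect, and it is also why an impersonating
		// server would be accepted.
		return nil
	}
	// Standard-library matching: exact label match, with a leading "*" in a
	// certificate name covering exactly one DNS label.
	return cert.VerifyHostname(name)
}

func main() {
	cert, err := NewTestCert()
	if err != nil {
		panic(err)
	}
	cases := []struct {
		name  string
		trust bool
	}{
		{"myserver.database.windows.net", false},                          // Server= host: the article's error
		{"*.database.windows.net", false},                                 // the hostNameInCertificate value used
		{"db01.tr12.northcentralus1-a.worker.database.windows.net", false}, // constructed name the cert covers
		{"myserver.database.windows.net", true},                           // TrustServerCertificate=True
	}
	for _, c := range cases {
		fmt.Printf("name=%q trust=%v -> %v\n", c.name, c.trust, CheckHostname(cert, c.name, c.trust))
	}
}
```

Running it shows the first two names rejected with the same "certificate is valid for ..." wording as the article, the third accepted because it falls under the certificate's wildcard, and the fourth accepted only because validation was skipped.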
Azure Portal Configuration:
It is worth noting that the Azure portal suggests setting TrustServerCertificate to False and omitting the hostNameInCertificate parameter. However, this configuration did not resolve the issue.
The above is the detailed content of "Why Does Azure SQL Database v12 Throw a TLS Handshake Failure After Upgrade?". For more information, please follow other related articles on the PHP Chinese website!