This post covers a few ways to fix the SSL certificate error 1416F086 returned by sqlcmd on Linux when connecting to SQL Server.
If you’re looking for ways to fix the Windows equivalent of this error when using dbatools, check out this blog post.
Intro
If you’re here, you’ve most likely ran into the following error message.
![terminal window: vlad@ubuntu02:~$ sqlcmd -S localhost -U sa Password: Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : SSL Provider: [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:self signed certificate]. Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : Client unable to establish connection. For solutions related to encryption errors, see https://go.microsoft.com/fwlink/?linkid=2226722. SSL certificate error 1416F086 sqlcmd Linux SQL Server](https://vladdba.com/wp-content/uploads/2024/04/SSLsqlcmdLinux_000-1024x203.png)
Unfortunately, the URL provided in the error message doesn’t really give a clear workaround for when sqlcmd throws this error, so I’ve figured a blog post about this might be helpful.
The cause
This is caused by a change in sqlcmd starting with version 18.0, that sets the default encryption mode for the connection to Mandatory.
The fix
The real fix is to implement TLS encryption for SQL Server with a valid certificate from a trusted Certificate Authority.
The “I don’t care, I just want it to work” fix is to either use the -C flag, which tells sqlcmd to trust the server certificate, or use the -No flag which tells sqlcmd that encryption is optional.
So, In my case, the command would look like this:
| 1 | sqlcmd -S localhost -U sa -C |
Or this:
| 1 | sqlcmd -S localhost -U sa -No |
And this works without any issues.
Conclusion
That’s it, that’s the whole post.