This post covers a few ways to fix the SSL certificate error 1416F086 returned by sqlcmd on Linux when connecting to SQL Server.
If you’re looking for ways to fix the Windows equivalent of this error when using dbatools, check out this blog post.
Intro
If you’re here, you’ve most likely ran into the following error message.
The relevant portion of the error message is:
- Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : SSL Provider: [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:self signed certificate].
Unfortunately, the URL provided in the error message doesn’t really give a clear workaround for when sqlcmd throws this error, so I’ve figured a blog post about this might be helpful.
The cause
This is caused by a change in sqlcmd starting with version 18.0, that sets the default encryption mode for the connection to Mandatory.
The fix
The real fix is to implement TLS encryption for SQL Server with a valid certificate from a trusted Certificate Authority.
The “I don’t care, I just want it to work” fix is to either use the -C
flag.
This flag tells sqlcmd to trust the server certificate, or use the -No
flag which tells sqlcmd that encryption is optional.
So, In my case, the command would look like this:
1 | sqlcmd -S localhost -U sa -C |
Or this:
1 | sqlcmd -S localhost -U sa -No |
And this works without any issues.
Conclusion
That’s it, that’s the whole post. The fix is simple, but the error takes a lot of people by surprise.
If you work a lot with sqlcmd on Linux, you might also run into this other error.