This short blog post covers a potentially breaking change that comes with the version of sqlcmd shipped with SQL Server 2025.
Issue
SQL Server 2025 provides ODBC sqlcmd version 17 which enforces an encrypted connection.
If you’re trying to use it to connect to instances that don’t have a CA-signed certificate or where TLS encryption was never properly configured, sqlcmd will throw the famous “certificate chain not trusted” error message:
Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : SSL Provider: The certificate chain was issued by an authority that is not trusted.
Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : Client unable to establish connection.
If you have automation relying on sqlcmd, they’ll start failing because of this.
Fixing the certificate chain not trusted error
Ideally, you’d have TLS encryption properly configured with a valid CA-signed certificate.
If that’s not feasible for reasons that are completely up to you and/or your Org., then ad the -C switch to the sqlcmd command.
Example:
- changing from
| 1 | sqlcmd -S localhost\SQL2025 -E |
- to
| 1 | sqlcmd -S localhost\SQL2025 -E -C |
Conclusion
SQL Server 2025 is still in public preview, but keep this in mind once you start using it when relying on the sqlcmd that gets installed along with it.
You might run into the “certificate chain not trusted” error working with:
- dbatools – see related post
- sqlcmd on Linux – see related post