Property TrustServerCertificate

Namespace

YndigoBlue.Velocity.Data.SqlServer

Assembly

YndigoBlue.Velocity.dll

TrustServerCertificate

Gets or sets whether to trust the server certificate without validation.

public bool TrustServerCertificate { get; set; }

Property Value

bool

Remarks

When enabled (default), the SQL Server connection bypasses certificate validation, trusting the server certificate without verification. This is appropriate for development and testing environments with self-signed certificates.

warning

Setting this to false in production is strongly recommended for security. Without trusting invalid certificates, encrypted connections are protected against man-in-the-middle attacks and other certificate-based vulnerabilities.

Security Implications:

• When true (Default - Development Only): Accepts any server certificate, including self-signed, expired, or invalid ones. Convenient for development but creates a security vulnerability in production.
• When false (Production Recommended): Validates the server certificate against the system's certificate store. The connection fails if the certificate is invalid, expired, or doesn't match the server name. This is the secure approach for production environments.

Recommendation: Keep this enabled only during development. For production deployments, set to false and ensure your SQL Server uses a valid, trusted certificate signed by a recognized Certificate Authority.

When SslMode is VerifyCA or VerifyFull, this property always returns false regardless of any assigned value, as certificate validation is required.