[多发性硬化症][适用于 SQL Server 的 ODBC 驱动程序 18][错误:1416F086:SSL 例程:tls_process_server_certificate:证书验证失败:自签名证书]

[MS][ODBC Driver 18 for SQL Server][error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:self signed certificate]

提问人:ButcherFromHell 提问时间:10/4/2023 最后编辑:jarlhButcherFromHell 更新时间:10/4/2023 访问量:70

问:

我正在使用 Centos7 上的 PHP 8.0 和 PLESK Onyx 连接到 SQL Serversqlsrv

尝试连接时出现错误:

Array
(
    [0] => Array
        (
            [0] => 08001
            [SQLSTATE] => 08001
            [1] => -1
            [code] => -1
            [2] => [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:self signed certificate]
            [message] => [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:self signed certificate]
        )

    [1] => Array
        (
            [0] => 08001
            [SQLSTATE] => 08001
            [1] => -1
            [code] => -1
            [2] => [Microsoft][ODBC Driver 18 for SQL Server]Client unable to establish connection. For solutions related to encryption errors, see https://go.microsoft.com/fwlink/?linkid=2226722
            [message] => [Microsoft][ODBC Driver 18 for SQL Server]Client unable to establish connection. For solutions related to encryption errors, see https://go.microsoft.com/fwlink/?linkid=2226722
        )

)

要连接,我有这样的东西:

$params = [
    "UID" => $username,
    "PWD" => $password,
    "Database" => $database,
    "TrustServerCertificate" => "yes"
];
if(sqlsrv_connect($host, $params)) {
    echo "connected..";
} else {
    echo "Connection could not be established.<br />";
    echo "<pre>";
    die( print_r( sqlsrv_errors(), true));
    echo "</pre>";
}

因此,我已经使用此处所述的方法来修复该错误> ODBC Driver 18 for SQL Server]SSL 提供程序:[错误:1416F086] "TrustServerCertificate" => "yes"

php sql-server odbc 驱动程序 sqlsrv

评论

答:

1赞 ButcherFromHell 10/4/2023 #1

当传递参数需要 true/false 值时 - 不是“yes/no”(他们在 Microsoft 文档中使用 yes/no,有时可能会令人困惑),所以:sqlsrv_connectTrustServerCertificate

$params = [
    "UID" => $username,
    "PWD" => $password,
    "Database" => $database,
    "TrustServerCertificate" => true
];
if(sqlsrv_connect($host, $params)) {
    echo "connected..";
} else {
    echo "Connection could not be established.<br />";
    echo "<pre>";
    die( print_r( sqlsrv_errors(), true));
    echo "</pre>";
}

这就是它的工作原理。

如前所述在实现与MSSQL的安全(加密)连接时,有3件事很重要:

  1. 选项 Encrypt 和 TrustServerCertificate 通常一起使用。
  2. 默认情况下,SQL Server 会安装一个自签名证书,该证书将用于加密连接。
  3. 替换证书后,设置 Encrypt = true 和 TrustServerCertificate = false(TrustServerCertificate = true 也有效,但您的连接将容易受到攻击)

上一个:PHP 7.2 + sqlsrv + string(237) “SQLSTATE[IMSSP]:此扩展需要 Microsoft ODBC Driver for SQL Server 才能与 SQL Server 通信

下一个:IIS PHP 使用 Windows 身份验证和最终用户标识连接到 MSSQL