We have tested with self-signed certificates which do not have any CA attached to them and there has been no issues in that matter. We will do some research and will get back to you.

@drdamour is it possible for you test with this nuget locally and see the error message? Just change the extension to nupkg and add it to a folder and add that folder to your nuget.config file as a local provider.

For some reason GitHub does not upload the file. It locks at upload task.

We have improved the error messages in the driver, but it has not been released yet. Wanted to know what issue is being detected with the certificate.

@JRahnama
I have a different version of the same question (maybe?).
If an application tries to connect to a server with Encrypt=true and Trust Server Certificate=false but the connection fails due to cert validation failure, how can the application show the certificate details to the user to ask them whether they want to try again with Trust Server Certificate=true ? AFAICT the Win32Exception just has a message why the validation failed but not any data about the cert itself.

This is a feature that would greatly benefit our product.

Currently, we default to using TrustServerCertificate=True, but we recognize this as a poor security practice. We aim to change the default to TrustServerCertificate=False.

Rather than having the TLS connection fail outright, we would like to enhance the user experience by presenting a dialog similar to an RDP connection. This dialog would display the certificate information and offer options to Continue, Continue & Remember, or Abort.

To achieve this, the library could potentially use the existing .NET callback:
ServicePointManager.ServerCertificateValidationCallback

Alternatively, it could be a custom callback function in the SqlConnection.

Regards,
Bronislav