Option not supported for Encrypt and TrustServerCertificate

Brown, Matt 126 Reputation points
2025-08-28T18:31:29.5033333+00:00

We can connect to MySQL in Workbench using SSL. When we update the code to use that connection in a secure way which passes a Fortify scan, we can't retrieve any data from it. If we remove both the Encrypt and TrustServerCertificate parts, we can get data to show up in the application. We get the 'option not supported' message when we add in a breakpoint and see why the connection is failing with the options enabled. From all of the research we have done, those options should be supported, so it feels like we are missing something.

<add key="app" value="server=server001;port=3306;database=db;uid=readonly;pwd=readonly;Trusted_Connection=no;Encrypt=yes;TrustServerCertificate=yes" />
Developer technologies | ASP.NET | Other
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Raymond Huynh (WICLOUD CORPORATION) 715 Reputation points Microsoft External Staff
    2025-08-29T03:08:27.0966667+00:00

    Hello Brown, Matt,

    The issue you're encountering is because Encrypt and TrustServerCertificate are SQL Server connection string parameters, not MySQL ones. That's why you're getting the "option not supported" error.

    For MySQL connections, you need to use the MySQL-specific SSL parameters instead. Try updating your connection string to:

    <add key="app" value="server=server001;port=3306;database=db;uid=readonly;pwd=readonly;SslMode=Required;SslCa=path_to_ca_cert.pem" />
    

    The key differences:

    • Replace Encrypt=yes with SslMode=Required (or Preferred if you want to fall back to non-SSL)
    • Replace TrustServerCertificate=yes with SslCa=path_to_ca_cert.pem if you need to specify a CA certificate
    • If you don't have a specific CA cert, you can just use SslMode=Required and it should work with the server's certificate

    If you're using the MySQL Connector/NET, you might also see SslMode referred to as SSL Mode in some documentation.

    The reason you're getting the "option not supported" error is because the MySQL provider doesn't recognize those SQL Server-specific parameters. Once you switch to the MySQL SSL parameters, your Fortify scan should pass and you should be able to retrieve data properly.

    Hope this helps!

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.