# SSL/TLS certificate validation errors when connecting to databases

**Symptoms**

During installation or configuration, the extension cannot establish a database connection.\
Error messages may mention SSL/TLS, certificate trust, or “the certificate chain was issued by an authority that is not trusted.”

* Error message example:

  ```
  SQLSTATE[08001]: [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: 
  The certificate chain was issued by an authority that is not trusted.
  ```

**Cause**\
The database requires SSL encryption, but the certificate presented cannot be validated. This often occurs when:

* A self-signed certificate is being used, and its authority certificate is not trusted on the machine running the extension.
* The full certificate chain (including intermediate certificates) is not installed.
* The client is enforcing encryption, but cannot verify the server’s certificate.

**Solution**

* If possible, use a certificate signed by a trusted Certificate Authority (CA).
* If using a self-signed certificate, import the authority certificate into the **Trusted Root Certification Authorities** store of the machine running the extension.
* Ensure the full certificate chain (including intermediates) is installed.
* If issues persist during installation, you can try resetting the setup:
  * Stop the extension service.
  * Delete the `runtime` and `config` folders to reset the installation.
  * Restart the installation and re-enter database details.
  * As a last resort, tick **Disable SSL certificate validation** to bypass the validation check.