If you’re connecting a Laravel application to a remote SQL Server (MSSQL) using the ODBC Driver 17/18 on Debian and encountering an SSL certificate error like:
SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:0A000086:SSL routines::certificate verify failed:self-signed certificate]β¦then you’re not alone. This error occurs when the driver fails to verify a self-signed SSL certificate on your SQL Server.
In this post, Iβll walk you through how to configure Laravel properly, install the necessary drivers, and resolve this issue completely.
In raw PHP using sqlsrv_connect(), this config works fine:
$connectionInfo = array(
"Database" => "MAIM_DB_DEV",
"UID" => "DB_USER",
"PWD" => "your-password",
"CharacterSet" => "UTF-8",
"TrustServerCertificate" => "yes"
);
$conn = sqlsrv_connect("XXX.XXX.XXX.XXX", $connectionInfo);But in Laravel using DB::connection('sqlsrv')->get(), it fails with:
SQLSTATE[08001]: [Microsoft][ODBC Driver 17/18 for SQL Server]SSL Provider: certificate verify failed: self-signed certificateLaravel uses PDO with SQL Server, and the PDO driver requires specific connection options to trust a self-signed certificate.
Merely setting 'encrypt' => true is not enough. You must explicitly pass "TrustServerCertificate" => true in the PDO options array.
Example sqrsrv config in database.php
'sqlsrv' => [
'driver' => 'sqlsrv',
'host' => env('DBSQLSRV_HOST', 'localhost'),
'port' => env('DBSQLSRV_PORT', '1433'),
'database' => env('DBSQLSRV_DATABASE', 'forge'),
'username' => env('DBSQLSRV_USERNAME', 'forge'),
'password' => env('DBSQLSRV_PASSWORD', ''),
'charset' => 'utf8',
'prefix' => '',
'prefix_indexes' => true,
'encrypt' => true,
'trust_server_certificate' => true, // Laravel 10+ (optional)
// THIS IS THE CRITICAL FIX
'options' => [
"TrustServerCertificate" => true,
"Encrypt" => 1,
],
],On Debian (I’m using version Debian 12.9 and PHP 8.3), run:
sudo apt update
sudo apt install -y gnupg2 lsb-release apt-transport-https software-properties-common
# Add Microsoft repo
curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc
curl -sSL https://packages.microsoft.com/config/debian/12/prod.list | sudo tee /etc/apt/sources.list.d/mssql-release.list
# Update and install
sudo apt update
sudo ACCEPT_EULA=Y apt install -y msodbcsql17 unixodbc-dev
# PHP dev tools
sudo apt install -y php8.3-dev php-pear g++
# Install drivers
sudo pecl install pdo_sqlsrv
sudo pecl install sqlsrv
# Enable extensions
echo "extension=pdo_sqlsrv.so" | sudo tee /etc/php/8.3/mods-available/pdo_sqlsrv.ini
echo "extension=sqlsrv.so" | sudo tee /etc/php/8.3/mods-available/sqlsrv.ini
sudo phpenmod pdo_sqlsrv sqlsrv
# Restart PHP
sudo systemctl restart php8.3-fpm # or apache2 if using Apache2. β
Configure .env
DB_CONNECTION=sqlsrv
DBSQLSRV_HOST=XXX.XXX.XXX.XXX
DBSQLSRV_PORT=1433
DBSQLSRV_DATABASE=DB_NAME
DBSQLSRV_USERNAME=DB_USERNAME
DBSQLSRV_PASSWORD=your-passwordconfig/database.phpInside the connections array:
'sqlsrv' => [
'driver' => 'sqlsrv',
'host' => env('DBSQLSRV_HOST', 'localhost'),
'port' => env('DBSQLSRV_PORT', '1433'),
'database' => env('DBSQLSRV_DATABASE', 'forge'),
'username' => env('DBSQLSRV_USERNAME', 'forge'),
'password' => env('DBSQLSRV_PASSWORD', ''),
'charset' => 'utf8',
'prefix' => '',
'prefix_indexes' => true,
'encrypt' => true,
'trust_server_certificate' => true,
'options' => [
PDO::SQLSRV_ATTR_CONNECTION_POOLING => false,
"TrustServerCertificate" => true,
"Encrypt" => 1,
],
],β Clear and Cache Config (if required)
php artisan config:clear
php artisan config:cacheTry this in your Controller or Route (web.php):
dd(DB::connection('sqlsrv')->getPdo());You should now see a successful PDO instance, and any SQL queries should work as expected.
Connecting Laravel to SQL Server on Debian using ODBC and a self-signed certificate takes a bit of tweaking, especially with PDO. But once you pass the correct trust options in config/database.php, you’re all set.
This solution works with:
