diff --git a/src/OrchardCore.Modules/OrchardCore.Tenants/Services/TenantValidator.cs b/src/OrchardCore.Modules/OrchardCore.Tenants/Services/TenantValidator.cs
index af26f01d9a3..2fbe414a94d 100644
--- a/src/OrchardCore.Modules/OrchardCore.Tenants/Services/TenantValidator.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Tenants/Services/TenantValidator.cs
@@ -135,6 +135,12 @@ private async Task ValidateConnectionAsync(DbConnectionValidatorContext validati
S["The provided connection string is invalid or server is unreachable."]));
break;
+ case DbConnectionValidatorResult.InvalidCertificate:
+ errors.Add(new ModelError(
+ nameof(TenantViewModel.ConnectionString),
+ S["The security certificate on the server is from a non-trusted source (the certificate issuing authority isn't listed as a trusted authority in Trusted Root Certification Authorities on the client machine). In a development environment, you have the option to use the '{0}' parameter in your connection string to bypass the validation performed by the certificate authority.", "TrustServerCertificate=True"]));
+ break;
+
case DbConnectionValidatorResult.DocumentTableFound:
if (validationContext.DatabaseProvider == DatabaseProviderValue.Sqlite)
{
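Review bot: The new `InvalidCertificate` message points the operator at `TrustServerCertificate=True` without saying what it costs: the client then accepts any server certificate, so the connection is encrypted but the server's identity is no longer verified. It also attributes the check to "the certificate authority", although the validation is done by the client. I would lead with the real remedy and name the trade-off, e.g. `"... Install the issuing authority's certificate on the client machine or, in a development environment only, add '{0}' to the connection string; this skips server certificate validation, so the server's identity is not verified."`. The same literal is repeated in the `SetupService.cs` hunk, so keeping the two copies identical (or sharing one definition) avoids drift between the messages and their translations. The surrounding `switch` in `ValidateConnectionAsync` starts and ends outside this hunk.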
diff --git a/src/OrchardCore/OrchardCore.Data.Abstractions/DbConnectionValidatorResult.cs b/src/OrchardCore/OrchardCore.Data.Abstractions/DbConnectionValidatorResult.cs
index 88c49d244f1..6b79367c6e9 100644
--- a/src/OrchardCore/OrchardCore.Data.Abstractions/DbConnectionValidatorResult.cs
+++ b/src/OrchardCore/OrchardCore.Data.Abstractions/DbConnectionValidatorResult.cs
@@ -38,5 +38,12 @@ public enum DbConnectionValidatorResult
///
/// Unsupported database provider.
///
- UnsupportedProvider
+ UnsupportedProvider,
+
+ ///
+ /// The connection was valid but the SSL certificate invalid. The a certificate
+ /// is from a non-trusted source (the certificate issuing authority isn't listed as a
+ /// trusted authority in Trusted Root Certification Authorities on the client machine).
+ ///
+ InvalidCertificate,
}
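Review bot: The doc comment on `InvalidCertificate` has a stray word and a missing verb ("the SSL certificate invalid. The a certificate"). Suggested first line: `/// The connection was valid but the SSL certificate is invalid. The certificate`. Since this adds a member to a public enum, any `switch` over `DbConnectionValidatorResult` that is not visible in this commit will presumably route the new value to its default branch, which is worth a quick search.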
diff --git a/src/OrchardCore/OrchardCore.Data.YesSql/DbConnectionValidator.cs b/src/OrchardCore/OrchardCore.Data.YesSql/DbConnectionValidator.cs
index 79c4e1492d7..e27fa865f8a 100644
--- a/src/OrchardCore/OrchardCore.Data.YesSql/DbConnectionValidator.cs
+++ b/src/OrchardCore/OrchardCore.Data.YesSql/DbConnectionValidator.cs
@@ -103,6 +103,12 @@ connection is SqliteConnection sqliteConnection &&
{
_logger.LogWarning(ex, "Unable to validate connection string.");
+ if (ex is SqlException sqlException
+ && sqlException.InnerException?.Message == "The certificate chain was issued by an authority that is not trusted.")
+ {
+ return DbConnectionValidatorResult.InvalidCertificate;
+ }
+
return DbConnectionValidatorResult.InvalidConnection;
}
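Review bot: The test `sqlException.InnerException?.Message == "The certificate chain was issued by an authority that is not trusted."` depends on the exact English text of the inner exception, which is likely to vary with OS language, platform and driver version. When it does not match, the code still returns `InvalidConnection`, so the failure is safe, but the new hint is silently lost. Matching on a stable code would be sturdier, for example `if (ex is SqlException { InnerException: Win32Exception { NativeErrorCode: unchecked((int)0x80090325) } })` (SEC_E_UNTRUSTED_ROOT on Windows, needs `System.ComponentModel`); other platforms probably surface a different inner exception such as `AuthenticationException` and would need their own branch, so please confirm on each target. A one-line comment naming the driver behaviour this relies on would help the next reader, and note that the enclosing `catch` block starts outside the hunk.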
diff --git a/src/OrchardCore/OrchardCore.Setup.Core/SetupService.cs b/src/OrchardCore/OrchardCore.Setup.Core/SetupService.cs
index 8146b395d25..533ce318740 100644
--- a/src/OrchardCore/OrchardCore.Setup.Core/SetupService.cs
+++ b/src/OrchardCore/OrchardCore.Setup.Core/SetupService.cs
@@ -173,6 +173,9 @@ private async Task SetupInternalAsync(SetupContext context)
case DbConnectionValidatorResult.InvalidConnection:
context.Errors.Add(string.Empty, S["The provided connection string is invalid or server is unreachable."]);
break;
+ case DbConnectionValidatorResult.InvalidCertificate:
+ context.Errors.Add(string.Empty, S["The security certificate on the server is from a non-trusted source (the certificate issuing authority isn't listed as a trusted authority in Trusted Root Certification Authorities on the client machine). In a development environment, you have the option to use the '{0}' parameter in your connection string to bypass the validation performed by the certificate authority.", "TrustServerCertificate=True"]);
+ break;
case DbConnectionValidatorResult.DocumentTableFound:
context.Errors.Add(string.Empty, S["The provided database, table prefix and schema are already in use."]);
break;