Medium severitydata source
Power BI Refresh Error:
DF-MSSQL-InvalidCertificate
What does this error mean?
The SSL/TLS certificate presented by the SQL Server is not trusted by ADF — either because the server uses a self-signed certificate, the certificate is expired, or the certificate's CN/SAN doesn't match the server hostname. ADF Mapping Data Flow connections use TLS encryption and validate the server certificate by default.
Common causes
- 1The SQL Server uses a self-signed certificate not issued by a trusted CA
- 2The SSL certificate on the SQL Server has expired
- 3The certificate's Common Name (CN) or Subject Alternative Name (SAN) doesn't match the server FQDN in the linked service
- 4The linked service has 'Encrypt connection' enabled but 'Trust server certificate' is disabled — and the cert can't be validated
How to fix it
- 1In ADF Studio, open the SQL linked service and check the 'Encrypt' and 'Trust server certificate' settings in the 'Advanced' section.
- 2For development or internal SQL servers with self-signed certificates, enable 'Trust server certificate' in the linked service to bypass certificate validation.
- 3For production servers, install a valid certificate from a trusted CA on the SQL Server (the cert CN must match the server FQDN used in the linked service).
- 4Verify the certificate has not expired by checking the SQL Server certificate in Windows Certificate Manager on the server host.
- 5After updating the certificate or linked service settings, click 'Test connection' to confirm the TLS handshake succeeds.
Frequently asked questions
Official documentation: https://learn.microsoft.com/en-us/azure/data-factory/data-flow-troubleshoot-guide