Option not supported for Encrypt and TrustServerCertificate

Question

Option not supported for Encrypt and TrustServerCertificate

Brown, Matt 146

We can connect to MySQL in Workbench using SSL. When we update the code to use that connection in a secure way which passes a Fortify scan, we can't retrieve any data from it. If we remove both the Encrypt and TrustServerCertificate parts, we can get data to show up in the application. We get the 'option not supported' message when we add in a breakpoint and see why the connection is failing with the options enabled. From all of the research we have done, those options should be supported, so it feels like we are missing something.

<add key="app" value="server=server001;port=3306;database=db;uid=readonly;pwd=readonly;Trusted_Connection=no;Encrypt=yes;TrustServerCertificate=yes" />

Raymond Huynh (WICLOUD CORPORATION) 2,215 Reputation points Microsoft External Staff

2025-09-16T10:06:45.8766667+00:00

Hi Brown, Matt , if you still have any questions, I’d be happy to help.
Otherwise, feel free to interact with the system so this case can be closed.

Answer accepted by question author

0 additional answers

Your answer

Raymond Huynh (WICLOUD CORPORATION) 2,215 Reputation points Microsoft External Staff

2025-09-16T10:06:45.8766667+00:00

Hi Brown, Matt , if you still have any questions, I’d be happy to help.
Otherwise, feel free to interact with the system so this case can be closed.

Answer 1

Raymond Huynh (WICLOUD CORPORATION) 2,215 Microsoft External Staff

Hello Brown, Matt,

The issue you're encountering is because Encrypt and TrustServerCertificate are SQL Server connection string parameters, not MySQL ones. That's why you're getting the "option not supported" error.

For MySQL connections, you need to use the MySQL-specific SSL parameters instead. Try updating your connection string to:

<add key="app" value="server=server001;port=3306;database=db;uid=readonly;pwd=readonly;SslMode=Required;SslCa=path_to_ca_cert.pem" />

The key differences:

Replace Encrypt=yes with SslMode=Required (or Preferred if you want to fall back to non-SSL)
Replace TrustServerCertificate=yes with SslCa=path_to_ca_cert.pem if you need to specify a CA certificate
If you don't have a specific CA cert, you can just use SslMode=Required and it should work with the server's certificate

If you're using the MySQL Connector/NET, you might also see SslMode referred to as SSL Mode in some documentation.

The reason you're getting the "option not supported" error is because the MySQL provider doesn't recognize those SQL Server-specific parameters. Once you switch to the MySQL SSL parameters, your Fortify scan should pass and you should be able to retrieve data properly.

Hope this helps!

Brown, Matt 146 Reputation points

2025-08-29T04:52:31.68+00:00

I'll look into this once I'm back in the office. I know we tried using 'SslMode=Required.'
Raymond Huynh (WICLOUD CORPORATION) 2,215 Reputation points Microsoft External Staff

2025-09-03T02:32:23.47+00:00

Hello Brown, Matt. Has you problem been solved yet?
Brown, Matt 146 Reputation points

2025-09-05T19:39:50.4033333+00:00

While the code essentially works, it isn't passing a Fortify scan. I sent a message to the Fortify Slack channel at work to see what we are doing wrong.
Raymond Huynh (WICLOUD CORPORATION) 2,215 Reputation points Microsoft External Staff

2025-09-09T06:28:47.9133333+00:00

Thanks you for your update Brown, Matt .
Feel free to interact with the system if you find my response helpful. If you have any further questions, just leave a comment here!
Raymond Huynh (WICLOUD CORPORATION) 2,215 Reputation points Microsoft External Staff

2025-09-12T10:46:39.22+00:00

Hello Brown, Matt.
If you’re still experiencing the issue or need further support, feel free to jump back in at any time. I will always be here and happy to help.

Share via

Option not supported for Encrypt and TrustServerCertificate

0 additional answers

Your answer