🛎️🔔🫑🔐 New Certificate and Encryption Defaults in dbatools 2.0 🔐🫑🔔🛎️

[potatoqualitee]

Hear ye, hear ye, dbatools 2.0 will be released soon and, unless you encrypt your SQL Server connections, you'll need to make some changes.

Microsoft's SQL Server connection libraries have new defaults so we do too. These library changes also impact the SqlServer module and Azure Data Studio (tho not SSMS yet it seems).

These changes will cause one or more of the following errors when connecting to unencrypted SQL Servers with dbatools 2.0:

• The target principal name is incorrect
• An existing connection was forcibly closed by the remote host
• The certificate chain was issued by an authority that is not trusted
• The instance of SQL Server you attempted to connect to does not support encryption
• The remote certificate was rejected by the provided RemoteCertificateValidationCallback

To learn how to encrypt your SQL Server connections, check out @ACALVETT's post, Configuring network encryption for SQL Server This is the best way to handle the new changes because these changes will eventually impact all SQL Server-related applications.

I also wrote a blog post, New Encryption and Certificate Defaults in Microsoft's SQL Server Connection Provider, that shows less secure ways to manage these changes.

The blog post also covers a new command I recently created called Set-DbatoolsInsecureConnection to help address these issues. I'll be using this often in my CI/CD scenarios.