Question posted in 
I have a Laravel project running in a Docker environment, and I’m trying to connect to an SQL Server database. I’m using ubuntu server. However, I’m encountering the following error when executing the query:
DB::connection('sqlsrv')->table('Order')->first();
Error Message:
IlluminateDatabaseQueryException SQLSTATE[08001]: [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:0A000086:SSL routines::certificate verify failed:EE certificate key too weak] (Connection: sqlsrv, SQL: select top 1 * from [Order]).
My Nginx Configuration:
server {
server_name localhost;
root /var/www/html/crm/public/;
index index.php index.html index.htm;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP-FPM Configuration Nginx
location ~ .php$ {
try_files $uri = 404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass php8:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
My Dockerfile:
FROM php:8.2-fpm
RUN apt-get update && apt-get upgrade -y
RUN apt-get install -y libzip-dev zip unzip git curl gnupg
RUN apt-get install -y default-mysql-client
RUN curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg
RUN curl https://packages.microsoft.com/config/ubuntu/24.04/prod.list | tee /etc/apt/sources.list.d/mssql-release.list
RUN apt-get update && ACCEPT_EULA=Y apt-get install -y msodbcsql18
RUN apt-get update
RUN apt-get install -y unixodbc-dev
&& pecl install sqlsrv-5.12.0 pdo_sqlsrv-5.12.0
RUN docker-php-ext-enable sqlsrv pdo_sqlsrv
RUN docker-php-ext-install zip
&& docker-php-ext-install mysqli
&& docker-php-ext-install bcmath
&& docker-php-ext-install ctype
&& docker-php-ext-install fileinfo
&& docker-php-ext-install pdo
&& docker-php-ext-install pdo_mysql
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
My Docker Compose YAML File:
version: '3.8'
services:
php8:
build:
context: ./docker/php8
hostname: php8
ports:
- "19000:9000"
volumes:
- ./projects/:/var/www/html/
- ./docker/php8/www.conf:/usr/local/etc/php-fpm.d/www.conf
- ./docker/php8/php.ini:/usr/local/etc/php/php.ini
environment:
MYSQL_USER: ${MYSQL_USER}
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
SQLSRV_ENCRYPT: true
SQLSRV_TRUST_SERVER_CERTIFICATE: true
SQLSRV_TLS_VERSION: 1.2
networks:
- laravel
nginx:
platform: linux/x86_64
image: nginx:1.13.8
ports:
- "80:80"
volumes:
- ./projects/:/var/www/html/
- ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
depends_on:
- php8
networks:
- laravel
mysql:
platform: linux/x86_64
image: mysql:8.0
ports:
- "3306:3306"
depends_on:
- php8
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_USER: ${MYSQL_USER}
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
networks:
- laravel
phpmyadmin:
image: phpmyadmin/phpmyadmin:latest
platform: linux/x86_64
environment:
PMA_HOST: mysql
PMA_USER: root
PMA_PASSWORD: ${MYSQL_ROOT_PASSWORD}
depends_on:
- mysql
ports:
- "8080:80"
networks:
- laravel
networks:
laravel:
driver: bridge
My application is running locally, so there is no external access. I have enabled SSL encryption and trust for the server certificate, but I’m still facing this issue. Any help would be greatly appreciated!
I add encrypt and trustServerCertificate options on my config/database.php file but not solved problem.
'sqlsrv' => [
'driver' => 'sqlsrv',
'url' => env('DB_URL'),
'host' => env('MSSQL_HOST', 'localhost'),
'port' => env('MSSQL_PORT', '1433'),
'database' => env('MSSQL_DATABASE', 'laravel'),
'username' => env('MSSQL_USERNAME', 'root'),
'password' => env('MSSQL_PASSWORD', ''),
'charset' => env('DB_CHARSET', 'utf8'),
'prefix' => '',
'prefix_indexes' => true,
// 'encrypt' => env('DB_ENCRYPT', 'yes'),
// 'trust_server_certificate' => env('DB_TRUST_SERVER_CERTIFICATE', 'false'),
'schema' => 'dbo',
'options' => [
PDO::SQLSRV_ATTR_ENCODING => PDO::SQLSRV_ENCODING_UTF8,
'encrypt' => false,
'trustServerCertificate' => true,
],
],
2
Answers
Problem Solved! I add code below into /etc/ssl/openssl.cnf file:
After MSSQL ODBC Driver 17 version, Microsoft force the database connection using TLS encryption, if you are using the version or higher, also you don’t want to use TLS on connection, just configure your config/database.php, add the following into
sqlsrvblock:If you got other sql server customize connection block also have to config.
The final configuration will look like: