skip to Main Content

I have a Laravel project running in a Docker environment, and I’m trying to connect to an SQL Server database. I’m using ubuntu server. However, I’m encountering the following error when executing the query:
DB::connection('sqlsrv')->table('Order')->first();
Error Message:

IlluminateDatabaseQueryException SQLSTATE[08001]: [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:0A000086:SSL routines::certificate verify failed:EE certificate key too weak] (Connection: sqlsrv, SQL: select top 1 * from [Order]).

My Nginx Configuration:

server {
    server_name localhost;
    root /var/www/html/crm/public/;
    index index.php index.html index.htm;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # PHP-FPM Configuration Nginx
    location ~ .php$ {
        try_files $uri = 404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass php8:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

My Dockerfile:

FROM php:8.2-fpm

RUN apt-get update && apt-get upgrade -y

RUN apt-get install -y libzip-dev zip unzip git curl gnupg

RUN apt-get install -y default-mysql-client

RUN curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg

RUN curl https://packages.microsoft.com/config/ubuntu/24.04/prod.list | tee /etc/apt/sources.list.d/mssql-release.list

RUN apt-get update && ACCEPT_EULA=Y apt-get install -y msodbcsql18

RUN apt-get update

RUN apt-get install -y unixodbc-dev 
    && pecl install sqlsrv-5.12.0 pdo_sqlsrv-5.12.0

RUN docker-php-ext-enable sqlsrv pdo_sqlsrv

RUN docker-php-ext-install zip 
    && docker-php-ext-install mysqli 
    && docker-php-ext-install bcmath 
    && docker-php-ext-install ctype 
    && docker-php-ext-install fileinfo 
    && docker-php-ext-install pdo 
    && docker-php-ext-install pdo_mysql

RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

My Docker Compose YAML File:

version: '3.8'

services:
  php8:
    build:
      context: ./docker/php8
    hostname: php8
    ports:
      - "19000:9000"
    volumes:
      - ./projects/:/var/www/html/
      - ./docker/php8/www.conf:/usr/local/etc/php-fpm.d/www.conf
      - ./docker/php8/php.ini:/usr/local/etc/php/php.ini
    environment:
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      SQLSRV_ENCRYPT: true
      SQLSRV_TRUST_SERVER_CERTIFICATE: true
      SQLSRV_TLS_VERSION: 1.2
    networks:
      - laravel

  nginx:
    platform: linux/x86_64
    image: nginx:1.13.8
    ports:
      - "80:80"
    volumes:
      - ./projects/:/var/www/html/
      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
    depends_on:
      - php8
    networks:
      - laravel

  mysql:
    platform: linux/x86_64
    image: mysql:8.0
    ports:
      - "3306:3306"
    depends_on:
      - php8
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    networks:
      - laravel

  phpmyadmin:
    image: phpmyadmin/phpmyadmin:latest
    platform: linux/x86_64
    environment:
      PMA_HOST: mysql
      PMA_USER: root
      PMA_PASSWORD: ${MYSQL_ROOT_PASSWORD}
    depends_on:
      - mysql
    ports:
      - "8080:80"
    networks:
      - laravel

networks:
  laravel:
    driver: bridge

My application is running locally, so there is no external access. I have enabled SSL encryption and trust for the server certificate, but I’m still facing this issue. Any help would be greatly appreciated!

I add encrypt and trustServerCertificate options on my config/database.php file but not solved problem.

        'sqlsrv' => [
            'driver' => 'sqlsrv',
            'url' => env('DB_URL'),
            'host' => env('MSSQL_HOST', 'localhost'),
            'port' => env('MSSQL_PORT', '1433'),
            'database' => env('MSSQL_DATABASE', 'laravel'),
            'username' => env('MSSQL_USERNAME', 'root'),
            'password' => env('MSSQL_PASSWORD', ''),
            'charset' => env('DB_CHARSET', 'utf8'),
            'prefix' => '',
            'prefix_indexes' => true,
            // 'encrypt' => env('DB_ENCRYPT', 'yes'),
            // 'trust_server_certificate' => env('DB_TRUST_SERVER_CERTIFICATE', 'false'),
            'schema' => 'dbo',
            'options' => [
                PDO::SQLSRV_ATTR_ENCODING => PDO::SQLSRV_ENCODING_UTF8,
                'encrypt' => false, 
                'trustServerCertificate' => true, 
            ],

        ],

2

Answers


  1. Chosen as BEST ANSWER

    Problem Solved! I add code below into /etc/ssl/openssl.cnf file:

    [openssl_init]
    ssl_conf = ssl_configuration    # Section must be registered here
    
    # I adding new section in the end of the file:
    
    [ssl_configuration]
    system_default = tls_system_default
    
    [tls_system_default]
    MinProtocol = TLSv1
    CipherString = DEFAULT@SECLEVEL=0
    

  2. After MSSQL ODBC Driver 17 version, Microsoft force the database connection using TLS encryption, if you are using the version or higher, also you don’t want to use TLS on connection, just configure your config/database.php, add the following into sqlsrv block:

    'encrypt' => 'false', // alternatively, defer to an env variable
    'trust_server_certificate' => 'true', // alternatively, defer to an env variable
    

    If you got other sql server customize connection block also have to config.

    The final configuration will look like:

    'sqlsrv' => [
        'driver' => 'sqlsrv',
        'url' => env('DATABASE_URL'),
        'host' => env('DB_HOST', 'localhost'),
        'port' => env('DB_PORT', '1433'),
        'database' => env('DB_DATABASE', 'forge'),
        'username' => env('DB_USERNAME', 'forge'),
        'password' => env('DB_PASSWORD', ''),
        'charset' => 'utf8',
        'prefix' => '',
        'prefix_indexes' => true,
    
        // added follows
        'encrypt' => 'false', // alternatively, defer to an env variable
        'trust_server_certificate' => 'true', // alternatively, defer to an env variable
    ],
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search