Skip to content

Latest commit

 

History

History
16 lines (16 loc) · 2.01 KB

File metadata and controls

16 lines (16 loc) · 2.01 KB
author MikeRayMSFT
ms.author mikeray
ms.reviewer randolphwest
ms.date 04/22/2026
ms.service sql
ms.subservice t-sql
ms.topic include
Key Supported Values Description
Encrypt Mandatory, Strict, Optional Specifies how encryption to the availability group is enforced. If the server doesn't support encryption, the connection fails. If you set encryption to Mandatory, then TrustServerCertificate must be set to yes. If you set encryption to Strict, then TrustServerCertificate is ignored.

Note: This key value pair is required.
HostNameInCertificate Replica name or AG listener name Specifies the replica name or availability group listener name in the certificate that's used for encryption. This value must match the value in the Subject Alternative Name of the certificate. If the server name is listed in the certificate, then you can omit the HostNameInCertificate key-value pair. If the server name isn't listed in the certificate, then you must specify the HostNameInCertificate key-value pair with the server name.

Note: This key value pair is optional.
TrustServerCertificate Yes, No Set to yes to specify that the driver doesn't validate the server TLS/SSL certificate. If no, the driver validates the certificate. For more information, review TDS 8.0.

Note: This key value pair is optional.
ServerCertificate Path to your certificate If you don't want to use HostNameInCertificate, you can pass the path to your certificate. The cluster service account must have permission to read the certificate from the given location.

Note: This key value pair is optional.
CLUSTER_CONNECTION_OPTIONS Empty string ('') Clears the existing configuration and reverts to default encryption settings of Encrypt=Mandatory and TrustServerCertificate=Yes.