Werk #18538: mk-sql ODBC backend supports trust server certificate option

Component

Checks & agents

Title

mk-sql ODBC backend supports trust server certificate option

Date

Oct 28, 2025

Level

Trivial Change

Class

Bug Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.5.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.4.0p16 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p40 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

Previously, the ODBC backend ignored the configuration flag `trust_server_certificate, which made it impossible to connect to a database when the server’s SSL certificate was invalid or untrusted.

Starting with this release, the ODBC backend correctly respects the trust_server_certificate option. This allows connections to proceed even if the server certificate cannot be validated — or, conversely, to forbid the connection entirely if the flag is set to false.

Note: In Microsoft SQL Server, 'TrustServerCertificate' means whether the client accepts the server’s SSL certificate without validation. When set to true, the connection is encrypted but the certificate’s authenticity is not verified, which may expose clients to man-in-the-middle (MITM) attacks.

To the list of all Werks