Microsoft.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0: The certificate chain was issued by an authority that is not trusted.)
Issue Description: Error while connecting to an AWS RDS DB instance: The certificate chain was issued by an authority that is not trusted.
Root Cause: The Orchestrator server is unable to authenticate with AWS RDS because the certificate is not trusted.
- To make this work, download the RDS certificate from AWS to the client's computer. Download a root certificate that works for all regions. Also download a certificate bundle that contains both the old and new root certificates. In addition, download the region-specific intermediate certificates. For more information about downloading certificates, see Using SSL/TLS to encrypt a connection to a DB instance.
Example for rds-ca-2019
- Download it from here. Change version 2019 to 2015 (as needed). This is for rds-ca-2019-root.pem.
- Copy it to a local machine and rename the .pem file to a .crt file.
- Move the file from the local machine to the Orchestrator server.
- Import or install the file on the Orchestrator machine to a personal and trusted location.
Importing Certificates On Client Computers
Use the following procedure to import your certificate into the Microsoft Windows operating system on the client computer:
- On the Start menu, type Run in the search box and press Enter
- In the Open box, type MMC and then choose OK
- In the MMC console, on the File menu, choose Add/Remove Snap-in
- In the Add or Remove Snap-ins dialog box, for Available snap-ins, select Certificates, and then choose Add
- In the Certificates snap-in dialog box, choose Computer account, and then choose Next
- In the Select computer dialog box, choose Finish
- In the Add or Remove Snap-ins dialog box, choose OK
- In the MMC console, expand Certificates, open the context (right-click) menu for Trusted Root Certification Authorities, choose All Tasks, and then choose Import
- On the first page of the Certificate Import Wizard, choose Next
- On the second page of the Certificate Import Wizard, choose Browse. In the browse window, change the file type to All files (*.*) because .pem is not a standard certificate extension. Locate the .pem file that you downloaded previously
- Choose Open to select the certificate file, and then choose Next
- On the third page of the Certificate Import Wizard, choose Next
- On the fourth page of the Certificate Import Wizard, choose Finish. A dialog box appears indicating that the import was successful
- In the MMC console, expand Certificates, expand Trusted Root Certification Authorities, and then choose Certificates. Locate the certificate to confirm it exists.
- Update all connection strings in the following configuration files with TrustServerCertificate=True and Encrypt=True:
- \uipath\orchestrator\uipath.orchestrator.dll.config
- \uipath\orchestrator\Identity\appsettings.production.json
- \uipath\orchestrator\Webhooks\appsettings.production.json
- Restart IIS.
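The import, confirmation and connection-string steps above, scripted as an added example (not UiPath or AWS code). Because TrustServerCertificate=True makes the client skip certificate chain validation, the last step opens a test connection with TrustServerCertificate=False to confirm that the imported root is what makes the RDS chain trusted. The parameter names, the install root and the use of Windows PowerShell 5.1 with System.Data.SqlClient are assumptions.

```powershell
# Added example, not UiPath or AWS code. Run elevated in Windows PowerShell 5.1.
param(
    [Parameter(Mandatory)][string]$CertPath,     # the renamed .crt file copied to this server
    [Parameter(Mandatory)][string]$InstallRoot,  # assumed: folder that contains \uipath\orchestrator
    [Parameter(Mandatory)][string]$RdsEndpoint   # assumed: DNS name of the RDS SQL Server instance
)
$ErrorActionPreference = 'Stop'

# 1. Load the certificate and sanity-check it before trusting it machine-wide.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
if ($cert.Subject -ne $cert.Issuer) { throw "Not a self-signed root: $($cert.Subject)" }
if ($cert.NotAfter -lt (Get-Date))  { throw "Certificate expired on $($cert.NotAfter)" }

# 2. Add it to Local Computer > Trusted Root Certification Authorities.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open('ReadWrite')
try { $store.Add($cert) } finally { $store.Close() }

# 3. Confirm the import by thumbprint (same check as browsing the store in MMC).
if (-not (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)")) { throw 'Import failed' }
"Imported $($cert.Subject), thumbprint $($cert.Thumbprint)"

# 4. Show the Encrypt / TrustServerCertificate values in the three config files.
$configs = 'uipath\orchestrator\uipath.orchestrator.dll.config',
           'uipath\orchestrator\Identity\appsettings.production.json',
           'uipath\orchestrator\Webhooks\appsettings.production.json'
foreach ($rel in $configs) {
    Select-String -Path (Join-Path $InstallRoot $rel) -AllMatches `
                  -Pattern '(Encrypt|TrustServerCertificate)\s*=\s*\w+' |
        ForEach-Object { $_.Matches } | ForEach-Object { '{0}: {1}' -f $rel, $_.Value }
}

# 5. Prove the imported root is what makes the chain trusted: with
#    TrustServerCertificate=False the client validates chain and host name.
$login = Get-Credential -Message 'SQL login for the RDS instance'
$login.Password.MakeReadOnly()
$sqlCred = [System.Data.SqlClient.SqlCredential]::new($login.UserName, $login.Password)
$connStr = "Server=$RdsEndpoint;Encrypt=True;TrustServerCertificate=False;Connect Timeout=15"
$conn = [System.Data.SqlClient.SqlConnection]::new($connStr, $sqlCred)
try { $conn.Open(); "Chain validated, server version $($conn.ServerVersion)" }
finally { $conn.Dispose() }
```

If step 5 still reports an untrusted chain, the imported file is not the root that issued the instance's certificate; the bundle and region-specific intermediates mentioned at the top of the page are the next thing to check.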
For more details, refer to these pages:
- Amazon RDS: Using SSL/TLS to encrypt a connection to a DB instance
- Amazon RDS: Using SSL with a Microsoft SQL Server DB instance