Connector Improvement: SQL Server/Database connections: Request for Reconnection in case of Certificates being Updated

Answered

Comments

9 comments

  • Official comment
    Hi Reuben,

    Thank you so much for submitting this feature request and for highlighting the importance of handling certificate updates in SQL Server/database connections. We appreciate you taking the time to share your idea—it's a valuable consideration as we strive to make our connectors as robust and seamless as possible. I'm going to confer with a colleague as to the reason why it's not automated and loop back to you.

    We’ll be sure to keep you and the community updated here on any progress.

    Thanks again for helping us make Fivetran better!

    Best regards,
    Pieter Humphrey

    Is there any update on this one? We're experiencing the same issue.

    Hi Reuben & Joshua - 

    A few questions to clarify what's happening for you --- 

    • Are you trusting end certs every time and that gets rotated frequently?

      • If so, can you trust the root cert?

    • If you are already trusting root cert and the root cert keeps changing frequently

      • Are these hosted CSP databases and so have default root CAs that Fivetran can directly trust? 

    Hi Peter - I'll start by saying that I am not very familiar with how certificates work in SQL Server so I am not sure I have answers to your questions.

    This issue occurs every time a server is rebooted for monthly updates. Based on the info in the Fivetran error email, I am assuming that we are using a database-generated certificate.  

    It's a bit of a pain to have to go in and revalidate the certs every time this happens. This also occurs at night so no one is online to action until the morning.

    We have plenty of other tools (BI, etc) that connect to SQL Server and Fivetran is the only one that breaks during this scenario. 

    Hi Peter - any update on this? This is a huge pain for us and causes connections to consistently break each month.  

    Hi Josh -- 
    Please confer with a colleague on the answers to my previous questions if you'd like to proceed - thank you!
    A database admin is likely to have those answers.  
    Also, AI is very helpful in researching these things!
    We are likely unable to prioritize this as while convenient, it somewhat defeats the purpose of human review for important security, so I'm suggesting some workarounds, essentially.

    Hi Peter - I am following up with a colleague to get more clear answers, but for now I can tell you that the cert I see in Fivetran when I go to validate it is SSL_Self_Signed_Fallback which leads me to believe that they are database generated ones. 

    Thanks Josh -- reason for the workaround suggestions is that this request would degrade security if implemented as automatic acceptance of a changed source certificate. That behavior bypasses explicit certificate validation and effectively expands trust to a new server identity without customer confirmation. 

    Thanks Pieter, that makes sense. I was able to implement a workaround (calling the API to look for connections that need the certificate validated and then revalidate them) and it seems to be working.
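
An automated revalidation job like the workaround in the last comment can keep the explicit validation step discussed in the reply before it by approving a changed certificate only when its SHA-256 fingerprint matches one obtained from the database side over a separate trusted channel, and holding everything else for a person. This is an added Python example, not code from the thread or from Fivetran: the record shape, connection ids and certificate bytes are constructed, and fetching pending certificates and submitting approvals through the API is left out.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (only used to build the sample input)."""
    body = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding: the value to compare out of band."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def review(pending, pinned):
    """Return {connection_id: (decision, detail)}; unknown certs are held."""
    decisions = {}
    for item in pending:
        conn = item["connection_id"]
        try:
            seen = fingerprint(item["pem"])
        except ValueError as exc:  # also covers malformed base64
            decisions[conn] = ("hold", f"unparseable certificate: {exc}")
            continue
        # A connection with no pinned fingerprint is never auto-approved.
        allowed = {fp.lower() for fp in pinned.get(conn, ())}
        verdict = "approve" if seen in allowed else "hold"
        decisions[conn] = (verdict, seen)
    return decisions

# Constructed sample: byte strings standing in for real DER certificates.
EXPECTED = to_pem(b"constructed-cert-after-reboot")
UNKNOWN = to_pem(b"constructed-cert-from-unknown-host")
PINNED = {"conn_a": {fingerprint(EXPECTED)}, "conn_b": {fingerprint(EXPECTED)}}
PENDING = [
    {"connection_id": "conn_a", "pem": EXPECTED},
    {"connection_id": "conn_b", "pem": UNKNOWN},
    {"connection_id": "conn_c", "pem": "not a certificate"},
]
RESULT = review(PENDING, PINNED)
```

Entries returned as `hold` carry the fingerprint that was presented, so whoever reviews them can compare it with the server's certificate before approving by hand.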