When the msdsn configuration is given a path to a certificate file and encryption is set to strict, the connection should be allowed if the certificate matches. The host name in the connection can be ignored and an override using HostNameInCertificate should not be required.