diff --git a/.chloggen/sqlserver-x509-negativeserial.yaml b/.chloggen/sqlserver-x509-negativeserial.yaml
new file mode 100644
index 0000000000000..277c34f2974a7
--- /dev/null
+++ b/.chloggen/sqlserver-x509-negativeserial.yaml
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: receiver/sqlserverreceiver
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: SQL Server receiver now requires a positive serial number for X509 certificates.
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [38099]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: See known issues in README of `receiver/sqlserverreceiver` for more information.
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: [user]
diff --git a/receiver/sqlserverreceiver/README.md b/receiver/sqlserverreceiver/README.md
index 86b051cb02917..47427acbaf653 100644
--- a/receiver/sqlserverreceiver/README.md
+++ b/receiver/sqlserverreceiver/README.md
@@ -72,3 +72,10 @@ The full list of settings exposed for this receiver are documented in [config.go
 
 Details about the metrics produced by this receiver can be found in [documentation.md](./documentation.md)
 
+## Known issues
+SQL Server docker users may run into an issue that the collector fails to parse certificate from server due to `x509: negative serial number`. That's because we adopted Go `1.23` starting from contrib `v0.121.0`:
+> Before Go 1.23, ParseCertificate accepted certificates with negative serial numbers.
+> This behavior can be restored by including "x509negativeserial=1" in the GODEBUG environment variable.
+references:
+1. https://pkg.go.dev/crypto/x509#ParseCertificate
+2. https://github.com/microsoft/mssql-docker/issues/895