SQL Server Doesn't like my SSL Certificate's CN (Certificate Name) and refuses to use the Certificate.
Posted on 2011-05-03
Even if you don't know how to solve my specific problem, can you please tell me if my server settings are normal or are strange? That may help me fix the problem.
think my server settings and active directory settings are screwing up SQL Server 2008 and making reject my SSL certificate .
My Server Name is "DomainName".
My certificate is issued to "DomainName.com".
My active directory domain is "DomainName0".
SQL Server says that my certificate name does not match the passed in value when I connect to it using SSL in SMS object explorer. I'm connecting to it using SQL Authentication with server = "DomainName.com".In my DNS on my server (same machine) I only have one entry for "domainName" "Host (A)" that points to the ip address. I do not have an entry for "....com". Should I?
The error I get when trying to connect to SQL Server using SQL Authentication is:
"Failed to connect to server domainName.com"
"A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider: 0 - The certificate's CN name does not match the passed value.) (Microsoft SQL Server)"
I have the certificates stored in both the Local Computer Personal store and Trusted Root CA Store.
The certificate's intended purpose is "Server Authentication, Client Authentication"
I've enabled "Trust Server Certificate" in the SQL Server Configuration Manager.
The certificate doesn't show up in the list of certificates for SQL server, which means it doesn't like the Certificate Name compared to what it expects... but I cant' figure out what it expects.
To top it all off, the ssl connection *does*(!) work for the query window. If I force it to encrypt, it connects and queries just fine. No errors. No warnings, except that I had to enable "trust server certificate" to get it to work.