How to request certificate for using SQL Server SSL from standalone CA

Posted on 2012-09-21
Last Modified: 2012-10-03
I would like to test the implementing SSL on SQL server 2005. I have issued the certification from standalone CA on windows 2008 that is used for issuing certificate testing. The issued certificate has details as the following:

Version: V3
Issuer  : ca-servername-ca
Valid from :Thursday, September 20,2012
Valid to     : Frisay,September 21,2013
Subject     : sql-server-name-FQDN
Public key  : RSA(1024 Bits)
Enchanced Key : Server Authentication(
Key Usage : Digital Signature, Non-Repudiation, Key Encipherment,Data Encipherment (f0)

I installed this certificate on windows 2003 in "Computer account" under "Personal" folder. I have tested this certificate by opening, The general Tab shows Red Cross Mark (X) and message "The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered"

I opened the properties of  insatnce's protocol in the SQL Server manager, it dosn't show the certificate in the certificate dropdown list.

Please advice, what is wrong  this certificate

Question by:ladapa
    LVL 3

    Expert Comment

    It sounds like either a bad certificate or that it was incorrectly imported.  The server does not recognize it as a valid certificate.  Please refer to the following:

    To generate the certificate:

    To configure SQL for SSL:

    I hope this helps.

    Author Comment

    Thank you for your answer. Your information is helpful.

    Now I can issue the unbroken certifiicate  and install on the windows 2003 server with my computer account. I can see the installed certificate on SQL Server Configuration Manager, and I accept that certificate. But I got another problem, I could not start the SQL instance service if the service is logon with Local User Account, it can be started if the service is logon with Local System Account.

    How to grant privilege for Local User Account to access the certificate?

    I got this message in the eventlog when the  service is  failed start.

    1. "Unable to load user-certificate. The server will not accept a connection. ......." Event ID 26014

    2. "TDSSNIClient initialization failed with error 0x80092004, status 0x80." Event ID 17182

    Note that: Local User Account is the member of Administrator group.
    LVL 3

    Accepted Solution

    You may want to start the SQL Server service using a domain account, rather than a local account.  This will allow for centralized management as well as access to network resources if needed.  Also, please verify that the VIA protocol is disabled.  That is a hardware protocol that hardly anyone uses anymore.  VIA is very buggy.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    SQL Server engine let you use a Windows account or a SQL Server account to connect to a SQL Server instance. This can be configured immediatly during the SQL Server installation or after in the Server Authentication section in the Server properties …
    International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
    Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
    Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now