Author |
Topic |
phenreid
Starting Member
29 Posts |
Posted - 2010-08-29 : 03:09:49
|
Following the MSDN instructions for implementing SSL-encrypted connections in SQL/Server results in a connection error: "The Certificate chain was issued by an authority that is not trusted".

Although the cert is issued by a trusted authority already in my certificate store, even when I export the whole chain and move it from server to client, same problem.

I can get around this by using this in the connection string: TrustServerCertificate=yes;

This works fine for access to databases, but does not allow me to get server and database properties. I get the same connection error as above or I get a connection error indicating that the CommonName doesn't match the cert (which it does except I am required to add the port number which might be throwing it off).

When you click on server properties or database properties in SSMS, is that establishing a new connection with a different connection string than the connection dialog? Is there a way for me to specify the TrustServerCertificate=yes; for the properties connection as well? |
|
Lumbago
Norsk Yak Master
3271 Posts |
Posted - 2010-08-30 : 02:54:56
|
To be honest I have absolutely no idea what the answer to your question is but have you read this? Maybe you'll find an answer there...? -> http://support.microsoft.com/kb/316898

- Lumbago
My blog (yes, I have a blog now! just not that much content yet) -> www.thefirstsql.com |
 |
|
phenreid
Starting Member
29 Posts |
Posted - 2010-08-30 : 03:25:03
|
Yes, thanks. I read that and all similar articles and followed the steps exactly without success. I'd say I googled 30+ articles before posting here.

I tried it again on another client machine (Win/7 this time). Same problem except this time I cannot check the encrypted connection box on the SSMS connection dialog -- that simply doesn't work (gives error that cert chain is not trusted and if I set trustserverproperties=yes; then it says that the common name doesn't match the cert -- but it does except maybe for the port number tacked on the end). I can only succeed by leaving this box unchecked and adding additional parameters: "TrustServerCertificate=yes;encrypt=yes;" (a pain to type in every time you go into SSMS).

On this new machine it does let me look at my server and db properties, and so under connection properties, encryption, it says "No". BUT, I used a network analyzer to prove that encryption is in effect and if I query the connection properties with a SELECT statement it says that encryption_Option is set to true.

Does anyone have a clue why I'm getting this cert trust problem and/or where I might find more help?

Is it possible that the addition of a port number is what makes the common name not match the cert? If so, I wonder if it is possible to purchase an SSL cert with the port number built into the FQDN, because usually when you request them they only want domain names and there's no place to put the port number.

Thanks. |
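
Added example, not part of the thread or of any Microsoft tooling: a certificate's CN and SAN entries hold DNS names only, never a port, so a name check can only compare the host part of the data source. The sketch assumes the client drops the protocol prefix, instance name and port before comparing; the function names and all host names are constructed for illustration.

```python
import re

def host_from_data_source(data_source: str) -> str:
    """Return the host part of a data source such as 'tcp:db01.example.com\\INST,14330'.

    Assumption: protocol prefix, '\\instance' and ',port' are not part of the
    name that gets compared with the certificate.
    """
    s = re.sub(r"^(tcp|np|lpc|admin):", "", data_source.strip(), flags=re.IGNORECASE)
    s = s.split(",", 1)[0]    # drop ',port'
    s = s.split("\\", 1)[0]   # drop '\instance'
    return s.strip().lower()

def name_matches(host: str, cert_name: str) -> bool:
    """Case-insensitive DNS match; '*' may only replace the whole left-most label."""
    host_labels = host.lower().rstrip(".").split(".")
    cert_labels = cert_name.lower().rstrip(".").split(".")
    if len(host_labels) != len(cert_labels):
        return False
    if cert_labels[0] == "*":
        return len(cert_labels) > 2 and host_labels[1:] == cert_labels[1:]
    return host_labels == cert_labels

def diagnose(data_source: str, cert_names: list[str]) -> str:
    """Classify why a typed server name does or does not match the certificate."""
    host = host_from_data_source(data_source)
    if any(name_matches(host, n) for n in cert_names):
        return "match"
    # Typical cause: short NetBIOS-style name typed, FQDN in the certificate.
    if "." not in host and any(n.lower().split(".")[0] == host for n in cert_names):
        return "short-name"
    return "mismatch"

if __name__ == "__main__":
    cert = ["sql01.corp.example.com"]          # constructed certificate name
    for typed in ("sql01.corp.example.com,14330",  # FQDN plus port
                  "SQL01,14330",                   # short name plus port
                  "10.0.0.5,14330"):               # IP address plus port
        print(f"{typed:32} -> {diagnose(typed, cert)}")
```

In this model the port never causes the mismatch; typing a short name or an IP address while the certificate carries the FQDN does.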
 |