Re: SSL setup problems
From: Bala Neerumalla[MSFT] (balnee_at_online.microsoft.com)
Date: 02/29/04
- Previous message: Bala Neerumalla[MSFT]: "Re: Login failed for user 'IIS'. Reason: Not associated with a trusted SQL Server connection."
- In reply to: AG: "SSL setup problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 28 Feb 2004 19:43:00 -0800
Please remember that the server certificate should be in the personal folder
of the service account, if you place it in the personal folder of Computer
account then the SQL Service account should have administrator rights on the
machine. If you would like to specify the certificate in the registery key,
then create a BINARY value (not String value) with name Certificate and
enter the Certificate thumbprint.
Regarding encryption not working in spite of enabling "Force Protocol
Encryption", I would suggest you to check if you enabled it for proper
Instance. One way to check it is if Encrypt DWORD value is set to 1 under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNet
Lib (will be different for named instances).
Please let me know how it goes.
Bala.
-- This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "AG" <anonymous@discussions.microsoft.com> wrote in message news:2984C76E-7EBA-4F17-A091-C3354B6E67F6@microsoft.com... > I am having problems getting SSL to work. I have trawlled through various other posts and knowledge base articles but have run out of ideas. I have a SQL Server the service accounts are running as a local account. I created a standalone CA on another server, i requested certificates from this ca using http (following q276553 instructions) and i can see it correctly using certificates mmc in the personal certificates folder (but i can't see it in IE personal certificates?). The certificate has the correct FQDN name of the sql server. I set the server network option to force encryption (only tcp/ip is used). When this is done the sql services start without error but I can connect using clients which do not have the certificate and using our network sniffing tools can see the data is not encrypted. > I have looked in the registry as in Q318605 and there was no certificate key. If I add one in and enter the thumbnail of the certificate i get an error when sql starts saying cannot find valid certificate. Does anyone have an ideas as i am pulling my hair out here? > > Thanks
- Previous message: Bala Neerumalla[MSFT]: "Re: Login failed for user 'IIS'. Reason: Not associated with a trusted SQL Server connection."
- In reply to: AG: "SSL setup problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
