RE: SQL Server & SSL & Fully Qualified Domain Name

From: BB (BB_at_discussions.microsoft.com)
Date: 07/22/04


Date: Wed, 21 Jul 2004 16:52:02 -0700

Thanks Kevin! Here is the output:

c:\>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : sql
        Primary DNS Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Intel(R) PRO/100 Server Adapter
        Physical Address. . . . . . . . . : 00-0D-61-49-E2-1A
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 207.53.225.47
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 207.53.225.1
        DNS Servers . . . . . . . . . . . : 207.53.225.47

So my FQDN is sql.www_domain.com, right? As long as sql.www_domain.com points to this server?

I got a test cert from Thawte installed using this format, 'sql.www_server.com', and can start the server using 'Force Encryption' via the Server Connection Utility. I verified with NetMon that the transmissions are encrypted.

However, when I remove the server force and apply the force on the Client Connection Utility, I get this: [DBNETLIB]SSL Security error.

I did some research and found that the client MUST trust the CA, and Thawte's temp certs aren't trusted, so I attempted to import the test CA into my trust store to see if that worked, and it did not. Although I am not sure I did it correctly. I am wondering if this is in fact the problem, that my client doesn't fully trust the test cert. What do you think?

BB

"Kevin McDonnell [MSFT]" wrote:

> Hi Brian,
> The certificate subject name should be equal to the FQDN name of the
> server. So, if this server is not part of a domain, then
> it would be the Netbios name of the computer. Pinging the server should
> verify the name, or just using ipconfig /all.
>
> Thanks,
>
> Kevin McDonnell
> Microsoft Corporation
>
> This posting is provided AS IS with no warranties, and confers no rights.
>
>
>
>
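
An added example, not part of the original thread: the naming rule from the quoted reply (certificate subject equals the server's FQDN, or the bare computer name when no domain suffix is set) applied to `ipconfig /all` output like that in the post. The function names and the exact-match comparison are assumptions made for illustration; this does not reproduce SQL Server's own certificate validation.

```python
import re

# Constructed sample: the name-related lines of the `ipconfig /all` output in the post.
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : sql
        Primary DNS Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
"""

# "Key . . . . : value" lines; the dot leader and the value are both optional.
_FIELD = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z \-]*?)[ .]*:(?P<value>.*)$")


def parse_ipconfig(text):
    """Return {lower-cased key: value}, keeping the first occurrence of each key."""
    fields = {}
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            fields.setdefault(m.group("key").strip().lower(),
                              m.group("value").strip())
    return fields


def expected_server_name(text):
    """Host name plus primary DNS suffix, or the bare host name if the suffix is empty."""
    fields = parse_ipconfig(text)
    host = fields.get("host name", "")
    if not host:
        raise ValueError("no 'Host Name' line found in ipconfig output")
    suffix = fields.get("primary dns suffix", "").strip(".")
    return f"{host}.{suffix}".lower() if suffix else host.lower()


def subject_matches(cert_subject_cn, ipconfig_text):
    """Case-insensitive comparison of a certificate subject CN with the expected name."""
    cn = cert_subject_cn.strip().rstrip(".").lower()
    return cn == expected_server_name(ipconfig_text)


if __name__ == "__main__":
    print("expected name:", expected_server_name(SAMPLE_IPCONFIG))
    for cn in ("sql.www_server.com", "sql"):
        print(cn, "->", "match" if subject_matches(cn, SAMPLE_IPCONFIG) else "MISMATCH")
```
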


