Re: SSL Certificate



I would check the SQL Server error log and the Windows event log to see if
there is a more detailed error there. Certificates have a start and end
date. Are you sure it's past the start date?

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Sullyds" <Sullyds@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0F775AE9-02C6-4150-9773-8918DE139193@xxxxxxxxxxxxxxxx
Sorry about the generic name... I just realized I didn't fill that part out completely.

One thing to squelch obvious gotchas:
The certificate is indeed designated to our FQDN.

There is an item I am curious about... the "Subject" line in the certificate has each of the LDAP parameters in a different order. In the old certificate, "CN" is first and "OU" is second. The new certificate has it reversed. I'm pretty sure the order doesn't matter in most apps, but maybe in MSSQL...???

"Sullyds" wrote:

We have been using SSL between SQL Server 2000 (SP4) and misc ODBC clients (mix of Access 2002 and some custom apps) for the past year. All has been working well until it is time to renew our SSL certificate via XRamp:

We get our new SSL certificate installed, keeping the old one in the Local Computer/Personal store since there is a little overlap in time. We changed the registry key (binary:Certificate) to match the thumbprint of the new certificate.

Yesterday, I reloaded SQL Server so the new certificate is in effect. All ODBC clients are displaying some derivative of the error "SSL Security error :ConnectionOpen (SECDoClientHandshake())". I can connect via a non-secure connection, however (bad for CC numbers. :()

I have since removed the old certificate on both clients and server, reinstalled the new certificate on the clients, rebooted the server, reloaded the MSSQL service. Nothing yields results. The only avenue I have not taken is reinstalling the new certificate on the server, but this means my IIS services need to be shut down as well since it is being used for my websites as well.

Any ideas on this?
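
The validity-date check suggested in the reply, together with the subject and thumbprint points raised in the original post, as an added example that is not part of the thread: a PowerShell function that inspects a certificate in the Local Computer/Personal store by thumbprint. The function name, its parameters and the sample values are assumptions for illustration; the private-key, Server Authentication and chain checks are general TLS server-certificate checks, not something the posters stated.

```powershell
function Test-ServerCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,  # thumbprint of the new certificate
        [Parameter(Mandatory = $true)][string]$Fqdn         # name the clients connect to
    )

    # Thumbprints copied from the certificate dialog often carry spaces or
    # hidden characters; keep only the hex digits before comparing.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean } | Select-Object -First 1
    if (-not $cert) { throw "No certificate $clean in Local Computer/Personal" }

    # SimpleName returns the subject's CN where one exists, whatever
    # position it has in the Subject string.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)

    # No EKU extension means "all purposes"; otherwise Server Authentication must be listed.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = (-not $eku) -or
        [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })

    # Build the chain without revocation lookups so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $cert.Subject
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        HasPrivateKey = $cert.HasPrivateKey
        CnMatchesFqdn = ($cn -ieq $Fqdn)
        ServerAuthEku = $serverAuth
        ChainTrusted  = $chainOk
        ChainProblems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed placeholders; substitute the real thumbprint and FQDN.
# Test-ServerCertificate -Thumbprint '<NEW-CERT-THUMBPRINT>' -Fqdn 'sql.example.com'
```

Any `False` in the returned object is a place to look before reinstalling the certificate or restarting services.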