Hi,
I've enabled the certification authentication login; I use SQL 2K5 ENT.
My problem is this: in the Client Network Utility I check Force protocol encryption and connect to the server. The client can't connect because he doesn't have the certificate installed on his machine, which is OK.
The problem is that when I remove Force protocol encryption on the client, he connects successfully without the certificate installed on his machine or anything.
I double-checked that on the server I have YES on Force Encryption in the Protocols for MSSQLSERVER.
Why is that?
THX
Hi Avi,
To clarify, SQL Server does not support any certificate authentication -- certificates are used to facilitate SSL encryption only. When encryption is forced on the client-side, the client will perform server validation to ensure that the certificate came from the correct host. In order for this validation to succeed, the client must trust the root signing authority of the certificate. If the server, and not the client, enforces encryption, then the client will not perform server validation. Furthermore, if a certificate hasn't been provisioned on the server machine, the server will use its self-generated cert for channel encryption. Obviously, the self-generated cert would fail server validation (see this post for more details: http://blogs.msdn.com/dataaccess/archive/2005/08/05/448401.aspx) so this is something to watch out for when forcing client-side encryption. I believe that this explains the behaviour that you are seeing.
Il-Sung.
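
The following query is an added example, not part of the original thread. It shows how to confirm from the server side that a client which connected without Force protocol encryption is still on an encrypted channel, which is the behaviour the reply describes. It assumes SQL Server 2005 or later and a login with VIEW SERVER STATE permission.

```sql
-- Added example (not from the original thread).
-- Check 1: is the connection this query runs on encrypted?
-- With Force Encryption = Yes on the server, encrypt_option should be
-- 'TRUE' even when the client did not request encryption and therefore
-- did not validate the server certificate.
SELECT c.session_id,
       c.net_transport,
       c.encrypt_option,
       c.auth_scheme
FROM sys.dm_exec_connections AS c
WHERE c.session_id = @@SPID;

-- Check 2: list every current connection with its client host and login,
-- unencrypted connections first, so any session that bypasses the
-- server-side setting stands out.
SELECT c.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.client_net_address,
       c.net_transport,
       c.encrypt_option
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
     ON s.session_id = c.session_id
ORDER BY c.encrypt_option, s.host_name;
```

A value of TRUE in encrypt_option shows only that the channel is encrypted. It does not show that the client validated the server certificate; that check happens only when encryption is forced on the client side.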