Hello
I think that I have read every paper on the Internet about SSL and SQL
2000 and have "painstakingly" tried to implement every suggestion.
1. I have a certificate from Thawte installed on a Windows 2000 server
that also has SQL 2000 installed.
2. The name of the certificate is a FQDN.
3. I can set Force Encryption on the Server side, restart the SQL
Server and it starts normally.
4. I use network monitor and can see network traffic encrypted between
client and server.
5. When I turn off Force Encryption with the "server utility", I
restart the SQL Server.
6. I turn on Force Encryption on the client side.
7. I try to connect to the server with SQL Query and get an SSL Error.
8. There is only one certificate on the server.
9. I set the "friendly name" on the certificate to the FQDN.
10. I have viewed the certificate and I see no errors and the path
looks good.
11. I think that I have all the SPs installed.
I am assuming that the certificate is installed correctly because when
I set Force Encryption on the server, SQL Server starts with no
problem.
When I reset Force Encryption with the "server utility" -- restart the
SQL Server -- and set Force Encryption with the "client utility", I get
the "SSL error" when I try to log in with Query analyzer.
Because the SQL Instance and the client application are on the same
machine, and because I can see the Thawte Server CA under the Authority
tab, I assume that the client trusts Thawte. Out of desperation, I even tried to
do an export and import using IE -- though I did not think that was
necessary because both client and server are on the same machine.
This should not be this difficult.
Any help is greatly appreciated.
Thanks
Hi
I can't say I have tried this but BOL states (second sentence):
"SSL encryption works only with instances of SQL Server 2000 running on a
computer that has been assigned a certificate from a public certification
authority. The computer on which the application is running must also have a
root CA certificate from the same authority"
John
Hello
Thanks
The Thawte Server CA is a trusted certification authority. It is
loaded by default with 2000 and because both SQL Server and Client are
on the same box, I should be ok and SQL server does start with the
certificate assigned -- though I am sure that I am doing something
stupid.
Thanks for taking the time to respond. I have been working on this off
and on for two weeks. I see others with the same problem, I try to be
very careful and implement the suggestions -- but still I get SSL
error.
Hi
I found these by searching the security newsgroup
microsoft.public.sqlserver.security. The first one gives step-by-step details
on how to enable SSL on a client. You may actually want to try this on a
standalone client to make sure that nothing else is encrypted; doing it on
the server will force encryption of other things such as DTS packages run
through xp_cmdshell, etc. The second article also states: "For the client to
request the SSL encryption, the client computer must trust the server
certificate and the certificate must already exist on the server." You may
want to post the exact error number and message you are getting.
276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate Server
http://support.microsoft.com/?id=276553
316898 HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft
http://support.microsoft.com/?id=316898
319349 BUG: Turning On the 'Force Protocol Encryption' Option Is Irreversible
http://support.microsoft.com/?id=319349
John
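A check for the two conditions quoted in the reply above (the certificate already exists on the server, and the client computer trusts it), as an added example that is not part of the original thread. It uses the .NET X509 classes from PowerShell 3 or later; the function name `Test-SqlSslCertificate` and the host name `sqlhost.example.com` are placeholders, and the private-key and Server Authentication columns are general requirements for a TLS server certificate rather than something the thread states.

```powershell
# Added example: inspects every certificate in the LocalMachine\My store and
# reports whether it could serve the name that clients connect with.
# $Fqdn is a placeholder; pass the exact server name typed into the client.
function Test-SqlSslCertificate {
    param([Parameter(Mandatory)][string]$Fqdn)

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $store.Open('ReadOnly')
    try {
        foreach ($cert in $store.Certificates) {
            # Subject common name as the certificate presents it
            $cn = $cert.GetNameInfo('SimpleName', $false)

            # EKU extension: when absent, the certificate is valid for all purposes
            $eku = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $serverAuth = (-not $eku) -or
                ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })

            # Build the chain against this machine's trusted roots, without
            # revocation lookups so the check also works offline
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = 'NoCheck'
            $trusted = $chain.Build($cert)

            [pscustomobject]@{
                Subject       = $cn
                NameMatches   = ($cn -eq $Fqdn)   # -eq ignores case for strings
                HasPrivateKey = $cert.HasPrivateKey
                ServerAuth    = [bool]$serverAuth
                InValidity    = ((Get-Date) -ge $cert.NotBefore -and (Get-Date) -le $cert.NotAfter)
                ChainTrusted  = $trusted
                ChainErrors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            }
        }
    }
    finally { $store.Close() }
}

Test-SqlSslCertificate -Fqdn 'sqlhost.example.com' | Format-List
```

Run it on the server to confirm the certificate is present and usable; on a separate client machine, the equivalent trust check is to call `X509Chain.Build` on the exported server certificate there.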