Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using Encrypt=yes in a Sql Server connection string -> "provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value."

Tags:

I'm using Encrypt=yes in a SQL Server connection string, as I need the TCPIP traffic to be encrypted, but on opening the connection I get an error:

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value.) 

Any suggestions how to fix this? I assume I need some sort of certificate relationship between my servers, but have no idea where to start.

I need this for two connections, one each to a SQL 2000 server and one to a 2005 server.

like image 668
Chris Avatar asked Sep 09 '10 06:09

Chris


People also ask

How do I enable SSL certificate based encryption on a SQL Server?

In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for <server instance>, and then select Properties. On the Certificate tab, select the desired certificate from the Certificate drop-down menu, and then click OK.

How do I encrypt a SQL Server connection?

To encrypt a connection from SQL Server Management Studio: On the Object Explorer toolbar, select Connect, and then select Database Engine. In the Connect to Server dialog box, complete the connection information, and then select Options. On the Connection Properties tab, select Encrypt connection.

What is SSL error in SQL?

A common reason for receiving SSL related errors on a Microsoft SQL database connection is either due to the SQL servers TLS ciphers being updated (such as removing an older TLS version like 1.0 or 1.1), or perhaps when moving from one server environment over to a new environment.


2 Answers

Your database connection can be configured to encrypt traffic and to accept any certificate from your server. Not a grand solution, but it worked for me.

The resulting connection string should look like this:

"[...];Encrypt=True;TrustServerCertificate=True" 
like image 63
German Latorre Avatar answered Sep 22 '22 17:09

German Latorre


I realize this is pretty old, but thought this might still help someone.

If the server you are connecting to does not have a certificate installed, a default certificate number is generated each time the server is restarted. When this happens the CN number changes, and might not match the one you have.

I read this recently, but I'm still trying to find the link for you. I'd suggest you makes sure that the server you are connecting to has explicitly installed a certificate, and that your client has it too.

I'll update this as soon as I find the link.

like image 25
Vort3x Avatar answered Sep 24 '22 17:09

Vort3x