I'm using Encrypt=yes
in a SQL Server connection string, as I need the TCPIP traffic to be encrypted, but on opening the connection I get an error:
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value.)
Any suggestions how to fix this? I assume I need some sort of certificate relationship between my servers, but have no idea where to start.
I need this for two connections, one each to a SQL 2000 server and one to a 2005 server.
In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for <server instance>, and then select Properties. On the Certificate tab, select the desired certificate from the Certificate drop-down menu, and then click OK.
To encrypt a connection from SQL Server Management Studio: On the Object Explorer toolbar, select Connect, and then select Database Engine. In the Connect to Server dialog box, complete the connection information, and then select Options. On the Connection Properties tab, select Encrypt connection.
A common reason for receiving SSL related errors on a Microsoft SQL database connection is either due to the SQL servers TLS ciphers being updated (such as removing an older TLS version like 1.0 or 1.1), or perhaps when moving from one server environment over to a new environment.
Your database connection can be configured to encrypt traffic and to accept any certificate from your server. Not a grand solution, but it worked for me.
The resulting connection string should look like this:
"[...];Encrypt=True;TrustServerCertificate=True"
I realize this is pretty old, but thought this might still help someone.
If the server you are connecting to does not have a certificate installed, a default certificate number is generated each time the server is restarted. When this happens the CN number changes, and might not match the one you have.
I read this recently, but I'm still trying to find the link for you. I'd suggest you makes sure that the server you are connecting to has explicitly installed a certificate, and that your client has it too.
I'll update this as soon as I find the link.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With