SSL with wildcard certificate

  • Hello all,

    I have SQL Server 2012 and want to encrypt my connections by using a wildcard (*.domain.com) SSL certificate from a trusted party. After installing my certificate I want to select it in the SQL Server Configuration Manager, but the certificate does not appear in the properties of the protocols.

    In older versions it was possible to add the thumbprint of my certificate to the registry, but in this version that results in a SQL Server that cannot be started anymore.

    Any people over here who have ideas how to fix this?

    Best regards

    Mike

  • Is the starting problem due to error 26014?

    If so, read this:

    http://nickstips.wordpress.com/2010/09/08/sql-ssl-and-sql-server-2008-service-doesnt-start-error-code-2146885628/

  • No, unfortunately I receive error code 17182: TDSSNIClient initialization failed with error 0xd, status code 0x38.

    Reason: An error occurred while obtaining or using the certificate for SSL. Check settings in Configuration Manager. The data is invalid.

  • You probably won't have much luck unless someone else has used wildcard certificates on 2012.

    Try resolving the error, this thread has a solution (for SQL2005) at the very end:

    http://social.msdn.microsoft.com/forums/en-US/sqldatabaseengine/thread/cd738c81-578f-457d-a521-93f34026ece8

    It might be something similar

  • I don't think the problem is wildcard certificate related.

    I also tried to use a self-signed certificate, but this also does not work...

    Same errors.

    Mike

  • Hi,

    If you did not put your FQDN in the CN field, this is the problem.

    So it can be solved easily.

    But when we use a wildcard certificate we have to put something like *.mydomain.com in the CN field of the certificate, and when we do, the certificate cannot be displayed in the Certificate drop-down of the Protocols for MSSQLSERVER Properties.

    This is the problem I have 🙁

  • Hello,

    Have you maybe solved your problem with wildcard certificate visibility in SQL Server Configuration Manager?

    Regards

  • Yeah I'd also like to hear if this issue has been resolved.


  • The only way to utilize a wildcard certificate on a SQL Server 2012 installation is to manually edit the registry.

    Open up the following key in regedit: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib.
    * Note, if you are setting the certificate for a named instance of SQL Server, adjust the yellow portion of the registry path, listed above, to match your SQL Server Instance Name.

    Look for the "Certificate" value within this key. If it does not exist, right click the right pane, select New -> String. Set the name to "Certificate". Select "Certificate", right click and choose Modify. Paste in the SHA1 hash for your wildcard certificate, with no colons, no spaces.

    Now, look for the value named "ForceEncryption". If it doesn't exist, create it as a new DWORD. Set the value to "1".

    Now, restart your SQL Server instance and you should be good to go.
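
The registry steps from the last post as a PowerShell script, with checks on the thumbprint and certificate before anything is written. This is an added example, not code from any poster in the thread; it assumes the default-instance key path given in the post, a certificate installed in the computer's Personal store (Cert:\LocalMachine\My), an elevated prompt, and a placeholder thumbprint you replace with your own.

```powershell
# Added example; run from an elevated PowerShell prompt on the SQL Server host.
# Placeholder: replace with the SHA1 thumbprint of your wildcard certificate.
$RawThumbprint = '<WILDCARD-CERT-SHA1-THUMBPRINT>'
# Default-instance path from the post; adjust MSSQL11.MSSQLSERVER for a named instance.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib'

# Keep hex digits only: removes colons, spaces and any invisible characters
# that came along when the thumbprint was copied from the certificate dialog.
$Thumbprint = $RawThumbprint -replace '[^0-9A-Fa-f]', ''
if ($Thumbprint.Length -ne 40) {
    throw "Expected 40 hex characters for a SHA1 thumbprint, got $($Thumbprint.Length)."
}

# Assumption: the certificate is installed in the computer's Personal store.
$Cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $Cert) { throw "No certificate with thumbprint $Thumbprint in Cert:\LocalMachine\My." }
if (-not $Cert.HasPrivateKey) { throw 'Certificate has no private key on this machine.' }
$Now = Get-Date
if ($Now -lt $Cert.NotBefore -or $Now -gt $Cert.NotAfter) {
    throw "Certificate is outside its validity period ($($Cert.NotBefore) to $($Cert.NotAfter))."
}
Write-Host "Using certificate: $($Cert.Subject)"

if (-not (Test-Path -Path $KeyPath)) { throw "Registry key not found: $KeyPath" }

# Record the current values so the change can be reverted if the service fails to start.
$Before = Get-ItemProperty -Path $KeyPath
Write-Host "Previous Certificate value: '$($Before.Certificate)'"
Write-Host "Previous ForceEncryption value: '$($Before.ForceEncryption)'"

# "Certificate" is a string value, "ForceEncryption" a DWORD, as described in the post.
Set-ItemProperty -Path $KeyPath -Name 'Certificate' -Value $Thumbprint -Type String
Set-ItemProperty -Path $KeyPath -Name 'ForceEncryption' -Value 1 -Type DWord

# Read back and confirm before restarting the instance.
$After = Get-ItemProperty -Path $KeyPath
if ($After.Certificate -ne $Thumbprint -or $After.ForceEncryption -ne 1) {
    throw 'Registry values were not written as expected.'
}
Write-Host 'Values written. Restart the SQL Server service for the change to take effect.'
```

If the service does not start after the restart, put back the previous values printed by the script, and check that the SQL Server service account has read access to the certificate's private key.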
