help! SSL encryption

Question

help! SSL encryption

oui_dino

SSC Rookie

Points: 46
More actions
March 31, 2004 at 4:11 am

#86317

Hello all,
I'm new to SQL Server so please bear with me. I'm trying to set up SSL encryption on one of our servers. I followed the instructions on the microsoft support site (http://support.microsoft.com/default.aspx?scid=kb;EN-US;316898#3, http://support.microsoft.com/default.aspx?scid=kb;en-us;276553) and was able to install a server certificate. I tested the encryption initially by forcing the encryption from the server using the Server Network Utility, and enabling 'Forced Protocol Encryption'. Everything was fine up to here. The problem manifested when I tried forcing encryption from the client using the Client Network Utility on the client machine. Here is my setup:
Server:
Windows 2000 Advanced Server , SQL Server 2000 SP3a, 'Forced Protocol Encryption' on Server Network Utility disabled, server certificate (server authentication) installed
Client:
Windows 2000, MDAC 2.7, SQL Server Client Tools, 'Forced Protocol Encryption' on Client Network Utility enabled, server certificate (imported from the server, including the root CA) installed
When connecting to the server using Query Analyzer, I am getting the following error:
"Unable to connect to server testserver:
Server: Msg 18, Level 16, State 1
[Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error"
Any help will be much appreciated!

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply

K. Brian Kelley SSC Guru Points: 114704 More actions · Answer 1

When you had force encryption turned on through the server, you connected just fine? Is that correct?

Also, you say you have the server certificate installed on the client. Do you also have the certificate for the root CA installed as well?

K. Brian Kelley
@kbriankelley

oui_dino SSC Rookie Points: 46 More actions · Answer 2

Yes that's right. I was able to startup the MSSQL service and connect to the server from a client machine with encryption enabled from the server. As for the certificate, I imported both the server certificate and the root CA. I had an existing root CA on my client machine, but removed it and replaced it with the one from the server. I got the root CA for the server from the certificate server, so I know that it's updated.