
SSL Security Error


Noah Subrin

Jan 29, 2002, 11:05:40 AM
Hello,

I am running SQL Server 2000 SP1 on a Windows 2000 Server with Service Pack
2 installed. On the server, under SQL Server Server Network Utilities, I
have "enable encryption" selected under the "multiprotocol" protocol. On the
client side ("client network utilities"), when I select "force protocol
encryption" for the "multiprotocol" protocol I receive the following error -
connection error - "Reason:SSL Security Error" - ConnectionOpen
(SECDoClientHandshake).

Has anyone seen this issue?

Thanks,

Noah


Dinesh T K

Jan 29, 2002, 11:19:59 AM
Noah,

The error is because you don't have a certificate installed for the fully
qualified DNS name of the server that's valid for SSL.

Dinesh.

"Noah Subrin" <no...@e-scripts-md.com> wrote in message
news:OTGvw6NqBHA.1928@tkmsftngp07...

Noah Subrin

Jan 29, 2002, 11:38:39 AM
Dinesh,

The certificate is installed for the fully qualified DNS name in this case.

Noah
"Dinesh T K" <dine...@usa.net> wrote in message
news:uq87VDOqBHA.2304@tkmsftngp07...

Dinesh T K

Jan 29, 2002, 11:49:51 AM
Noah,

If so... maybe there's some mistake in the certificate install. Refer to the
needed portions of this documentation....

Installation instructions for SQL Server 2000 and SSL
-----------------------------------------------------
SQL Server 2000 supports server side certificates for
authentication as well as the encryption of client/server
connections. It does not support client side certificates
for authentication of the client. In order to authenticate
client connections an entry would have to be made in the
firewall software that only enables connections from a
specified list of clients.

In order to install a server certificate the following is
needed,
- SQL Server 2000 SP 1 (at a minimum)
- A valid SSL Certificate for server authentication
-- Must be for the fully qualified machine name, i.e.
<myMachine.domain.com>
- The trusted root certificate must also be installed
- SQL Server 2000 Resource Kit (setCert.exe utility)

The steps to install would be,
- Go into IIS MMC plugin
-- Request a certificate for a particular Web Server
(Directory Security/Certificates)
-- Import the response (*.cer)
- Go into the setCert.exe utility
-- Select the recently imported certificate
-- Restart SQL Server 2000

In order to enable encryption of the SQL connection from a
client,
- Go into the client network utility
-- Select 'Force Encryption'
-- All client side requests will ask the server to encrypt
the communications

For the server to always force client encryption,
- Go into the server network utility
-- Select 'Force Encryption'
-- All client side requests will ask the server to encrypt
the communications without it having been specified in
the client network utility

Dinesh.

"Noah Subrin" <no...@e-scripts-md.com> wrote in message

news:OrCTMNOqBHA.2560@tkmsftngp04...

Noah Subrin

Jan 29, 2002, 5:32:35 PM
Dinesh,

Which documentation are these instructions from, the SQL BOL or the Resource
Guide?

Thanks,

Noah
"Dinesh T K" <dine...@usa.net> wrote in message

news:eS5DCUOqBHA.1880@tkmsftngp07...

Dinesh T K

Jan 30, 2002, 4:19:24 PM
Noah,

I don't know. I collected the same from these newsgroups.
Were they of any help?

Dinesh.

"Noah Subrin" <no...@e-scripts-md.com> wrote in message

news:u3dD9SRqBHA.1860@tkmsftngp04...

Noah Subrin

Jan 30, 2002, 4:51:10 PM
Dinesh,

I can get encryption to work when it is turned on at the server. When it is
off at the server and forced on at the client I am still getting the
"secdoclienthandshake error".

Thanks,

Noah
"Dinesh T K" <dine...@usa.net> wrote in message

news:OdVN2OdqBHA.2564@tkmsftngp04...

Dinesh T K

Jan 30, 2002, 5:14:30 PM
Noah,

When you force it at the client, then that means it's the client who is
making the request for encryption, and it's needed that the client must
trust the server. For that to happen you may have to export the certificate
present on the server and then import it into the folder named
"Trusted root cert. authorities" (or so?) present on the client.

This requirement is not needed when it's "ON" at the server.

Dinesh.

"Noah Subrin" <no...@e-scripts-md.com> wrote in message

news:OOeMqgdqBHA.1036@tkmsftngp03...
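
Added example (not part of any post in this thread): a client-side check of a server certificate against the requirements quoted above, namely issued to the fully qualified name, usable for server authentication, and chaining to a root the client trusts. The function name is hypothetical, the sample certificate is constructed in memory, and the script assumes PowerShell 7, or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-SqlServerCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $ServerFqdn
    )
    # 1. Issued to the server's fully qualified machine name.
    $name = $Certificate.GetNameInfo([X509NameType]::DnsName, $false)

    # 2. Usable for server authentication (EKU OID 1.3.6.1.5.5.7.3.1).
    #    A certificate with no EKU extension is not restricted to any purpose.
    $eku  = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $oids = @($eku | ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    $serverAuth = (-not $eku) -or ($oids -contains '1.3.6.1.5.5.7.3.1')

    # 3. Chain ends at a root present in THIS machine's trusted root store.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck   # keep the check offline
    $trusted = $chain.Build($Certificate)

    $now = Get-Date
    [pscustomobject]@{
        IssuedTo       = $name
        NameMatches    = ($name -eq $ServerFqdn)
        ServerAuthEku  = [bool]$serverAuth
        WithinValidity = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        ChainTrusted   = $trusted
        ChainStatus    = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

# Constructed sample input: a self-signed certificate for the placeholder name used
# in the quoted instructions. To check a real export, load the file instead:
#   $cert = [X509Certificate2]::new('C:\path\to\exported.cer')   # hypothetical path
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=myMachine.domain.com', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))

Test-SqlServerCertificate -Certificate $cert -ServerFqdn 'myMachine.domain.com'
```

Run it on the client machine: a ChainStatus of UntrustedRoot (or PartialChain when an intermediate is missing) means the client's store lacks the issuing root, the condition the last reply describes for encryption forced from the client.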
