January 16, 2012 at 7:23 am
I have a certificate installed in the Certificates store on my server. It has the correct FQDN and has "Server Authentication" as the intended purpose. But, it does not show up under SQL Server Configuration Manager -> Protocols -> Certificates.
I have read a dozen or so Microsoft docs, forums, etc., but nothing has helped. I even tried pasting the thumbprint/hash into the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.x\MSSQLServer\SuperSocketNetLib\Certificate - but when I do that and restart SQL, the event log says
"Unable to load user-specified certificate. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online."
I have used httpcfg to configure this, as it describes - but was unsure what to use for the guid - I just generated a random one, but shouldn't this refer to something somewhere else?
The results of httpcfg query ssl are:
IP : 10.0.0.1:21032
Hash : e2ea48ec d822c5f 460 d62e489a03d57 f592c
Guid : {9451a471-9ac0-4123-9318-7c162088cc79}
CertStoreName : (null)
CertCheckMode : 0
RevocationFreshnessTime : 0
UrlRetrievalTimeout : 0
SslCtlIdentifier : (null)
SslCtlStoreName : (null)
Flags : 0
So, it looks right - but I still can't start SQL Server (same event log message) and it still doesn't show the certificate in the Config manager. Any ideas?
follow-up:
I came across this which is supposed to grant the private key to the certificate. I am using the Admin account which is the same under which I installed the certificate, so the error message doesn't make sense...
winhttpcertcfg.exe -l -c LOCAL_MACHINE\MY -s server.domain.com
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
E=webmaster@domain.com
CN=server.domain.com
C=US
Description=6g1wXikERqx0TYPX
Error: Access was not successfully obtained for the private key.
This can only be done by the user who installed the certificate.
January 19, 2012 at 8:20 am
I solved this myself. I had installed the standard certificate (.cer) which did not contain the private key. I had to generate the PKCS12 file (.p12) and install this certificate instead.
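The cause found in this thread (a .cer imported without its private key) can be checked directly in the machine store. The following PowerShell is an added example, not part of the original posts; it assumes the FQDN server.domain.com used in the thread, and the function name Test-SqlCertCandidate is hypothetical.

```powershell
# Added example: report, per certificate in LocalMachine\My, the properties
# discussed in the thread (private key present, Server Authentication, CN = FQDN).
param(
    [string]$Fqdn = 'server.domain.com'   # assumed value, taken from the thread
)

function Test-SqlCertCandidate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Fqdn
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

    # Find the Enhanced Key Usage extension, if the certificate carries one.
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is reported as $false here.
    $hasServerAuth = [bool]($ekuExt.EnhancedKeyUsages |
        Where-Object { $_.Value -eq $serverAuthOid })

    # Subject common name, compared case-insensitively with the server FQDN.
    $cn = $Cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $cnMatches = ($cn -eq $Fqdn)

    $now = Get-Date
    $inValidity = ($Cert.NotBefore -le $now) -and ($Cert.NotAfter -ge $now)

    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        Subject       = $Cert.Subject
        HasPrivateKey = $Cert.HasPrivateKey   # $false for a .cer-only import
        ServerAuthEku = $hasServerAuth
        CnMatchesFqdn = $cnMatches
        InValidity    = $inValidity
        Usable        = $Cert.HasPrivateKey -and $hasServerAuth -and $cnMatches -and $inValidity
    }
}

Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-SqlCertCandidate -Cert $_ -Fqdn $Fqdn } |
    Format-Table -AutoSize
```

A row with HasPrivateKey set to False matches the situation described above, where only the public certificate had been installed.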