Microsoft KB Archive/839617

= BUG: You cannot connect to an instance of SQL Server on a server computer after you turn on SSL encryption on the SQL Server client computer =

Article ID: 839617

Article Last Modified on 3/20/2007


APPLIES TO


 * Microsoft SQL Server 2000 Standard Edition

SYMPTOMS
When you enable Secure Sockets Layer (SSL) encryption by turning on the Force protocol encryption option on the Microsoft SQL Server client computer, and you try to connect to an instance of SQL Server on a server computer, you may not be able to connect to that instance of SQL Server. Additionally, you may receive the following error message:

Error 0x800b010f (CERT_E_CN_NO_MATCH) returned by CertVerifyCertificateChainPolicy!

[12:52:31.555] ConnectionOpen(Supersock): FAILed in SECDoClientHandshake, Error 0x800b010f

Note You can set the Force protocol encryption option by using the Client Network Utility on the SQL Server client computer.

This problem may occur if the following conditions are true:
 * A server authentication certificate is installed on the server computer that is running SQL Server.
 * The subject string of the server authentication certificate includes e-mail address information. The subject string may appear similar to the following: CN =  OU =  O =  L =  S =  C =  E = xyz@microsoft.com
 * The CN is not at the end of the subject of the server authentication certificate.
 * Multiple CNs are in the subject of the server authentication certificate.
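The subject-string conditions listed above can be checked mechanically before Force protocol encryption is turned on for a client. The following is an added example, not part of the original article and not Microsoft code; it assumes a comma-separated subject string read in the order it is displayed, and the function names and sample subjects are constructed for illustration.

```python
EMAIL_ATTRS = {"E", "EMAIL", "EMAILADDRESS"}  # attribute names carrying an e-mail address

def split_rdns(subject):
    """Split a subject string on commas that are neither quoted nor escaped."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(subject):
        ch = subject[i]
        if ch == "\\" and i + 1 < len(subject):  # keep an escaped character with its backslash
            buf.append(subject[i:i + 2])
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_subject(subject):
    """Return [(ATTRIBUTE, value), ...] in the order the subject string shows them."""
    pairs = []
    for part in split_rdns(subject):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not an attribute=value pair: {part!r}")
        pairs.append((name.strip().upper(), value.strip().strip('"')))
    return pairs

def check_subject(subject):
    """Report which of the article's subject-string conditions apply."""
    names = [name for name, _ in parse_subject(subject)]
    cn_count = names.count("CN")
    return {
        "has_email": any(n in EMAIL_ATTRS for n in names),
        "cn_not_last": cn_count > 0 and names[-1] != "CN",
        "multiple_cn": cn_count > 1,
    }

if __name__ == "__main__":
    # Constructed sample subjects; hosts and organisation names are placeholders.
    for s in ("CN = sqlhost.example.test, OU = IT, O = Example, C = US, E = dba@example.test",
              'O = "Example, Inc.", CN = a.example.test, CN = b.example.test'):
        print(check_subject(s), s)
```

Each flag maps to one condition from the list; the checker reports them separately and does not decide whether the connection will fail.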


WORKAROUND
To work around this problem, turn off SSL encryption on the SQL Server client computer, and then turn on SSL encryption on the SQL Server server computer. To turn on the Force protocol encryption option on the SQL Server server computer, use the Server Network Utility. To do this, follow these steps.

Note Do not turn on the Force protocol encryption option on both the SQL Server client computer and the SQL Server server computer.
 * 1) Start Server Network Utility.
 * 2) In the Server Network Utility dialog box, click the General tab.
 * 3) On the General tab, click Force protocol encryption.
 * 4) Click OK.

Warning If you turn on SSL encryption on the server computer that is running SQL Server, all the SQL Server client computers must connect to the SQL Server server computer by using SSL encryption.


STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
