
Using Encrypt=yes in a Sql Server connection string -> “provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value.”

I'm using Encrypt=yes in a SQL Server connection string, as I need the TCPIP traffic to be encrypted, but on opening the connection I get an error:

A connection was successfully established with the server, but then an error
occurred during the pre-login handshake. (provider: SSL Provider, error: 0 -
The certificate's CN name does not match the passed value.)

Any suggestions how to fix this? I assume I need some sort of certificate relationship between my servers, but have no idea where to start.

I need this for two connections, one each to a SQL 2000 server and one to a 2005 server.

Your database connection can be configured to encrypt traffic and to accept any certificate from your server. Not a grand solution, but it worked for me.

The resulting connection string should look like this:

"[...];Encrypt=True;TrustServerCertificate=True"

I realize this is pretty old, but thought this might still help someone.

If the server you are connecting to does not have a certificate installed, a default certificate number is generated each time the server is restarted. When this happens the CN number changes, and might not match the one you have.

I read this recently, but I'm still trying to find the link for you. I'd suggest you make sure that the server you are connecting to has explicitly installed a certificate, and that your client has it too.

I'll update this as soon as I find the link.

You can't encrypt the connection without also having a certificate installed on the server. By default SQL Server will present a self-signed certificate, and this is (and should be) rejected by clients.

Your options are:

a) The solution is to install a real certificate on the SQL Server:

Certificate Management (SQL Server Configuration Manager)

b) If you aren't able to install a real certificate on the SQL Server (a few $/year), you can issue a self-signed certificate and trust this specific certificate on your client machines.

c) If you really do want to ignore this security problem (please don't do this), you do have the option to add an "ignore this security warning" flag (TrustServerCertificate) to the connectstring:

Encrypt=Yes;TrustServerCertificate=Yes

d) If you are using JDBC, there is an additional connectstring property that can be used instead of TrustServerCertificate:

Encrypt=Yes;hostNameInCertificate=<myservername>
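The settings discussed in the answers above can be checked across a set of connection strings before deployment. The following is an added example, not part of the original question or answers: it flags strings that do not request encryption, strings that disable certificate validation with TrustServerCertificate, and strings whose server name would not match the certificate's CN (the error in the question). The host names, the keyword synonym list and the CN-only comparison are assumptions of this sketch.

```python
# Constructed example: audit ADO.NET-style connection strings for the settings on this page.
SERVER_KEYS = {"data source", "server", "address", "addr", "network address"}
TRUST_KEYS = {"trustservercertificate", "trust server certificate"}
TRUE_VALUES = {"yes", "true"}

def parse(conn_str):
    """Split 'k=v;k=v' into a dict with lower-cased keys (quoted values not handled)."""
    pairs = (item.split("=", 1) for item in conn_str.split(";") if "=" in item)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def server_host(settings):
    """Extract the host part from values such as 'tcp:host\\INSTANCE,1433'."""
    raw = next((v for k, v in settings.items() if k in SERVER_KEYS), "")
    if raw.lower().startswith("tcp:"):
        raw = raw[4:]
    return raw.split(",")[0].split("\\")[0].strip().lower()

def audit(conn_str, cert_cn):
    """Return a list of findings for one connection string and the server certificate CN."""
    s = parse(conn_str)
    encrypt = s.get("encrypt", "").lower() in TRUE_VALUES
    trust = any(s.get(k, "").lower() in TRUE_VALUES for k in TRUST_KEYS)
    host = server_host(s)
    findings = []
    if not encrypt:
        findings.append("encryption not requested")
    if encrypt and trust:
        # Traffic is encrypted, but the server's identity is never verified.
        findings.append("certificate validation disabled (TrustServerCertificate)")
    if encrypt and not trust and host != cert_cn.lower():
        # Simplification: compares against the CN only, the name the error refers to.
        findings.append(
            f"name mismatch: connecting to '{host}', certificate CN is '{cert_cn}'")
    return findings

# Constructed sample inputs; db01.corp.example is a placeholder name.
SAMPLES = [
    "Server=db01;Database=app;Encrypt=yes",
    "Server=db01.corp.example;Database=app;Encrypt=True;TrustServerCertificate=True",
    "Data Source=tcp:db01.corp.example,1433;Encrypt=yes",
    "Server=db01.corp.example;Database=app",
]

if __name__ == "__main__":
    for cs in SAMPLES:
        print(cs, "->", audit(cs, "db01.corp.example") or ["ok"])
```

The first sample reproduces the situation in the question: the client connects by short name while the certificate was issued for the fully qualified name.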
