SSL Certificate missing from dropdown in SQL Server Configuration Manager
I am trying to configure SQL Server 2014 so that I can connect to it remotely using SSL. A valid, wildcard cert is installed on the server, and the cert's domain name (example.com) matches the server's FQDN (test.windows-server-test.example.com).
The problem is that in SQL Server Configuration Manager, the certificate is not listed, so I cannot select it.
That is, I am stuck on step 2.e.2 from this MS tutorial.
After communication in comments I can suppose that your main problem is the CN part of the certificate which you use. To have successful TLS communication for IIS Server one have no such strong restrictions like SQL Server has.
Microsoft require (see here) that The name of the certificate must be the fully qualified domain name (FQDN) of the computer. It means that the Subject part of the certificate looks like CN = test.widows-server-test.example.com, where test.widows-server-test.example.com is the FQDN of your computer. It's not enough that you use for example CN = *.example.com and Subject Alternative Name, which contains DNS Name=*.example.com and DNS Name=test.widows-server-test.example.com, DNS Name=test1.widows-server-test.example.com, DNS Name=test.widows-server-test2.example.com and so on. Such certificate will be OK for TLS, but SQL Server will discard it. See the article, which describes close problems.
I recommend you to create self-signed certificate with CN equal to FQDN of the SQL Server and to verify that the certificate will be seen by SQL Server Configuration Manager.
UPDATED: I analysed the problem a little more with respect of Process Monitor and found out that two values in Registry are important for SQL Server Configuration Manager: the values Hostname and Domain under the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
If I change Domain and Hostname to the values which corresponds CN of the certificate then the certificate will be already displayed in the SQL Server Configuration Manager. It could be not all problems, but it shows that SQL Server required much more as a web server (IIS for example).
UPDATED 2: I examined the problem once more in details and I think I did found the way how one can configure common SSL certificate which you already have (for example free SSL certificated from Let's Encrypt, StartSSL or some other).
It's important to distinguished what do SQL Server Configuration Manager from the configuration required by SQL Server. The Certificate tab of the properties of the Configuration Manager have more hard restrictions as SQL Server. I describe above only the restrictions of SQL Server Configuration Manager, but one can make configuration directly in the Registry to use more common SSL/TLS Certificate by SQL Server. I describe below how one can do this.
What one need to do one can in the Registry under the key like HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL12.SQL2014\MSSQLServer\SuperSocketNetLib, where the part MSSQL12.SQL2014 can be a little different in your case. The SQL Server Configuration Manager help us to set two values in the registry: ForceEncryption and Certificate:
The Certificate value is SHA1 hash which can be found by examining the properties of the certificate:
or extended properties of the certificate, which you see by usage certutil.exe -store My:
One need just copy the "Cert Hash(sha1)" value, remove all spaces and to place as the value of Certificate value in the Registry. After making the settings and restarting SQL Server windows service one will see in file ERRORLOG in C:\Program Files\Microsoft SQL Server\...\MSSQL\Log directory the line like
2016-04-25 21:44:25.89 Server The certificate [Cert Hash(sha1) "C261A7C38759A5AD96AC258B62A308A26DB525AA"] was successfully loaded for encryption.
- Need part of a string in column
- "The certificate chain was issued by an authority that is not trusted" when connecting DB in VM Role from Azure website
- What do Clustered and Non-Clustered index actually mean?
- Select first occurrence of a value per group with condition based on the most recent record of group
- Service Broker not working after database restore
- Get stored procedure output in desired XML format
- How can I solve a connection pool problem between ASP.NET and SQL Server?
- How to Join to first row
- Query runs quickly in Oracle SQL Developer, but slowly in SSRS 2008 R2
- Get 2 Digit Number For The Month
- How to find all the dependencies of a table in sql server
- Reset AutoIncrement in SQL Server after Delete
- Rows to columns SQL Server query
- Real life example, when to use OUTER / CROSS APPLY in SQL
- An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll
- Error copying data from SQL Server to Redshift via a linked server connection
- Can I use Keyless Entity Types to query CHANGETABLE in Entity Framework Core?
- How to send decimal part with SQL_NUMERIC_STRUCT?
- Install/enable sqlsrv & pdo_sqlsrv drivers for php8.1 on ubuntu20.0
- Why can I not find a foreign key using the OBJECT_ID() function?
- Is it possible to update rows from a key/value pair?
- LIKE and NULL in WHERE clause in SQL
- Remote query, view and where clause performance
- SQL UPDATE TOP with ORDER BY?
- SQL : Check if primary key is foreign key
- Select by O(1) from SQL table
- SQL Server 2014 linked server to Pervasive database
- “Prevent saving changes that require the table to be re-created” Microsoft SQL Server
- The text, ntext, and image data > types cannot be compared or sorted, except when using IS NULL or LIKE > operator
- What's the best way to select the minimum value from several columns?