trying to connect using forced encryption

Maybe someone can tell me what I am doing wrong:

I created my own SSL certificate and installed it on my server. I wrote a really simple VB.NET program to access the SQL Server using encryption. The connection string works fine inside my building (on our network) but when I take the application outside of the building and try to connect it fails.
Outside of the building, I add

Address=xx.xxx.xxx.xxx,1433;

to the connection string.

The attempt gives me the error:
a connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an untrusted authority

If I remove the encryption=True from the connection string, everything works outside the building but obviously without encryption.

I am doing this in a VB.NET Windows application (not an internet app).

Thanks,
Ned

[922 byte] By [NedNed] at [2007-12-22]
# 1

Which server address form are you using? IP address, hostname or FQDN? It is possible that the DNS server returns a different server FQDN when you are outside your building than when you are inside it. You can see the difference by executing "ping -a servername" inside and outside your building. Such a difference can cause the certificate verification to fail. Basically, the FQDN resolved by DNS when making the connection needs to match the FQDN in the certificate.

http://blogs.msdn.com/sql_protocols/archive/2005/12/30/508311.aspx

If you only need the certificate for encryption, you can add "Trust Server Certificate = true" to work around the issue.

http://msdn2.microsoft.com/en-us/library/ms131691.aspx

NanTu at 2007-8-30
# 2

Problem solved! Thanks for your suggestion. Yes, the problem is that I created the cert on the server and that server does not provide for someone outside the domain to verify the certificate. Once I set TrustServerCertificate=True, I was able to use the server. I guess the fully correct solution would be to issue the cert from a server that allows remote users to access and verify the certificate. Then I wouldn't need to change the connection string.

Thanks!

NedNed at 2007-8-30
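The two answers above turn on three connection-string settings: the server name form, Encrypt, and TrustServerCertificate, where the last one keeps the channel encrypted but skips validation of the server certificate. The following is an added example, not code from either poster: a small VB.NET check that reads those settings with `SqlConnectionStringBuilder` and reports which case a string falls into. It assumes the .NET Framework `System.Data.SqlClient` provider; the module name, host name and IP address are constructed.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data.SqlClient
Imports System.Net

Module ConnectionStringTlsAudit   ' hypothetical helper, not from the thread

    ' Reports how a SqlClient connection string treats the server certificate.
    Function AuditTls(connectionString As String) As List(Of String)
        Dim findings As New List(Of String)
        Dim b As New SqlConnectionStringBuilder(connectionString)

        If Not b.Encrypt Then
            findings.Add("Encrypt is off: the client does not request encryption.")
            Return findings
        End If
        If b.TrustServerCertificate Then
            findings.Add("TrustServerCertificate=True: encrypted, but the server certificate is not validated.")
            Return findings
        End If

        ' Data Source (alias Address) may look like tcp:host\instance,port
        Dim host As String = b.DataSource.Trim()
        If host.StartsWith("tcp:", StringComparison.OrdinalIgnoreCase) Then host = host.Substring(4)
        host = host.Split(","c)(0).Split("\"c)(0).Trim()

        Dim ip As IPAddress = Nothing
        If IPAddress.TryParse(host, ip) Then
            findings.Add("Server is given as IP " & host & ": validation passes only if the certificate was issued for that address.")
        ElseIf Not host.Contains(".") Then
            findings.Add("Server is given as short name " & host & ": use the FQDN that appears in the certificate.")
        Else
            findings.Add("Server is given as FQDN " & host & ": it must match the certificate, and the client must trust the issuer.")
        End If
        Return findings
    End Function

    Sub Main()
        ' Constructed sample strings; 203.0.113.10 is a documentation address.
        Dim samples As String() = {
            "Address=203.0.113.10,1433;Encrypt=True;Integrated Security=True",
            "Data Source=sql01.corp.example.com;Encrypt=True;TrustServerCertificate=True",
            "Data Source=sql01.corp.example.com,1433;Encrypt=True"}
        For Each s As String In samples
            Console.WriteLine(s)
            For Each f As String In AuditTls(s)
                Console.WriteLine("  - " & f)
            Next
        Next
    End Sub
End Module
```

The builder only parses the string, so the check runs without contacting a server.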
