Home » SQL Server

SSL Encryption - SQL Server 2005 - Certificate not showing

Here is the issue we are having:

We are trying to enable SSL encryption for an instance of SQL server 2005.

Here is the document as our reference. http://support.microsoft.com/kb/316898

Step by step, we installed SSL certificate in MMC and everything looks OK, but when we go to SQL server configuration manager, from certificate tab, we can't find any certificate from the drop down list.

We installed SSL certificate in the Personal container under the computer account and the SQL Service account.

We named the SSL certificate the same way we named the server.

Thank you.

4 Answers Found


Answer 1

Please check the certificate  you installed is valid by using the follow steps:
1. Open the Certificates snap-in. To do this, see step 1 in the "How to Configure the MMC Snap-in" section.
2. In the Certificates snap-in, expand Personal, and then expand Certificates.
3. In the right pane, locate the certificate that you installed.
4. Determine whether the certificate meets the following requirements:
 a) In the right pane, the value in the Intended Purpose column for this certificate must be server  Authentication.
 b) In the right pane, the value in the Issued To column must be the server name.
5. Double-click the certificate, and then determine whether the certificate meets the following requirements:
 a) On the General tab, you receive the following message:
     You have a private key that corresponds to this certificate.
 b) On the Details tab, the value for the Subject field must be server name.
 c) The value for the Enhanced Key Usage field must be Server Authentication (<number>).
 d) On the Certification Path tab, the server name must appear under Certification path.
If any one of these requirements is not met, the certificate is invalid.

If there are any more questions, please let me know.

Answer 2

Hello Xiao Min Tan,

I have a wildcard certificate  *.domain.com set in my personal certificates for Local Computer, Service (SQL Server (MSSQLSERVER)) and Service (SQL Server Agent (MSSQLSERVER)).

Issued To: *.domain.com
Issued by: Equifax Secure Certificate Authority
Expiration Date: 9/21/2014
Intended Purposes: Server Authentication
Friendly Name: <None>
Status: <blank>
Certificate Template: <blank>

It also states the following: "You have a private key that corresponds to this certificate."

Subject: CN = *.domain.com
             OU = Domain Control Validated - RapidSSL(R)
             OU = See www.rapidssl.com/resources/cps (c)09
             OU = GTXXXXXX
             O = *.domain.com
             C = US

Enhanced Key Usage: Server Authentication (
                                Client Authentication (

It meets all the requirements you stated.

What is wrong?

Thank you.


Answer 3

Here is the issue we are having:

We are trying to enable SSL encryption  for an instance of SQL server  2005.

Here is the document as our reference. http://support.microsoft.com/kb/316898

Step by step, we installe SSL certificate  in MMC and everything looks OK, but when we go to sql  server configuration manager, from certificate tab, we can't find any certificate from the download list.

We installed SSL certificate in the Personal container under the computer account and the SQL Service account.

We named the SSL certificate the same way we named the server.

Thank you.

Now I understand more about it, The link you provided is very useful.

Answer 4

This topic may be helpful: http://support.microsoft.com/kb/316898 Note the section under troubleshooting where it discusses the problem - After you successfully install the certificate, the certificate  does not appear in the Certificate list on the Certificate tab. 


Hi all,



We are currently encountering an error regarding SSL certificates for SQL Server 2005.


Action Done: Install self-signed certificate to SQL Server

Error Triggered: (Details below) every time a client computer connects to the SQL server.



Event ID: 17385

Description: Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed. Please upgrade your client library. [CLIENT:]


We suspect it is caused by their Symantec Checkpoint anti-virus. Can you please verify what are the possible causes and resolution?


Thank you very much!


I had imported SSL certificate through MMC to local computer account and the certificate reflected in the ‘Protocols for MSSQLServer’. Encryption worked fine with the certificate.

Then I deleted certificate from local computer store and imported again (through MMC). But no certificates are shown in Microsoft Configuration Manager. I am not able to add certificate to SQL Server.

I followed the steps in the below URLs



Can someone help?


I need SSL encryption for sql server database for ODBC access so that I am trying to do the  enable of ssl encryption for sql server(2008).

I am able to do enforce for encryption at server level but unable to do at client side and it gives the error-----A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value.) (.Net SqlClient Data Provider).

pls do the needful.



I wish to know whether or not by default MS SQL Server 2005 Std or Ent edition will encrypt the communication over the network by default?

As, when we test out the database activity monitoring solution to capture the SQL traffics from the network, we are unable to see the DB user name and Source Program but SQL statements is able to seen. According to the vendor, it is due to the nature of MS SQL Server 2005 that encrypt the communication by default. But, why is it only encrypted the DB user name and Source Program but not the SQL statement?

Can someone provide me the answer? Is that true what the vendor claims?






I am creating a symmetric key in our SQL Server 2005 database (using SQL Server 2005 inbuilt encryption functionality).

I want a vendor to use the same key / algorithm to encrypt data they will be sending to us so I am able to decrypt it when we receive it.

How do I send the symmetric key to the vendor ?

Thanks in advance.


Hai All,


 I want to do Encryption and Decryption in SQL Server 2005. I'm using the follwing coding:


Insert tblSymmetrictblEmp ([SYM_Id],[SYM_Designation],[SYM_Firstname],[SYM_Department])values
 encryptbykey(key_guid('SymmetrictblEmp'),'29'), 'Vadivel'


The Value gets inserted but the field [SYM_Firstname] is Blank.. Not even Null. Its just Empty. Can anyone help on this ???



I have applied ssl certificate to SSRS 2008.It does not show https url to few tabs & links like New data source,upload file under contents tab.Also it does not show https link for history & subscription tab.

Further I have modified the SecureConnectionLevel=3 in RSReportServer.config & change AuthenticationType to RSWindowsBasic.Now it shows the https link to all tabs.But it pop-up for user name & password for eachtime.How can I remove the pop-up for user name & password?

Any help will be appreciated.

Thank you.



this clickonce for report builder, can i use it for sql server standard edition 2005 with sql server 2005 sp3?

i found a lot of article but they did not make me clear if i can use it or if i need some other application or hotfix to use it.




My current version of SQL server is Microsoft SQL Server 2005 - 9.00.4035.00 (Intel X86)   Nov 24 2008 13:01:59   Copyright (c) 1988-2005 Microsoft Corporation  Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

I want to upgrade this to Enterprise edition. I would like to know the below information please

step by step instructions on how to perform this upgrade I have databases & replications setup on this server. Will the upgrade have any adverse effects on the current replication setup?

Any help and guidance is truly appericiated. Thanks.

Hi. I just upgraded my server from SQL Server 2005 Standard edition to SQL Server 2005 Enterprise edition (http://benchmarkitconsulting.com/colin-stasiuk/2009/06/03/sql-server-2005-edition-upgrade/). Then applied the service pack again. After the computer restart, when i opened the replication monitor to check then effect this upgrade had on my replications, i got below error when i open the Subscription Detail window. any suggeestions/workaround to correct this shall be very much appericiated. Thanks

TITLE: Replication Monitor

Replication Monitor could not open the Detail Window.


Specified cast is not valid. (ReplicationMonitor)




when created the required keys and certificate, i have encountered an error where:

Msg 15465, Level 16, State 1, Line 1 The private key password is invalid.

Example step

Step 1: create an empty database

Step 2: execute the command as below: [create the certificate from backup file:]




FROM FILE = 'J:\Test\Test Encryption File\cert.cer'
WITH PRIVATE KEY (FILE = 'J:\Test\Test Encryption File\private.pvk',


Can you assist me any step i have missing.. or any possible this error is occurring..


I need to disable all purposes for a specific Root CA certificate due to some SSL chaining issues we're experiencing in our environment.  IE...  Go to "Edit Properties" on the details tab of an SSL certificate and select the "Disable all purposes for this certificate" radio button.  I'm assuming that the appropriate namespace to use would be System.Security.Cryptography.X509Certificates, but I cannot find any way to modify this specific setting programatically.  Any help would be greatly appreciated.  If there's any way to do this using command line tools or any other means that would be appreciated as well...

X509Store xStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine); 
X509Certificate2 xCert = xStore.Certificates.Find(X509FindType.FindBySerialNumber, "344ed55720d5edec49f42fce37db2b6d", false)[0]; 


I have a custom ClientCredentials Behavior. But during the call there's no SSL client certitificate sent.

I am setting it like this:

System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindBySerialNumber,"2f"); echo.Endpoint.Behaviors.Remove(typeof(ClientCredentials)); echo.Endpoint.Behaviors.Add(new BinarySecurityTokenX509ClientCredentials());

During Call I see my behavior added but the -  ClientCertificate is null although SecurityToken GetTokenCore returns a certificate. What's wrong?

 Here's my SecurityTokenProvider:

publicclass BinarySecurityTokenX509ClientCredentials : ClientCredentials


  publicoverride SecurityTokenManager CreateSecurityTokenManager()


  // return custom security token managerreturnnew MyUserNameSecurityTokenManager(this);


  protectedoverride ClientCredentials CloneCore()


  returnnew BinarySecurityTokenX509ClientCredentials();



 publicclass MyUserNameSecurityTokenManager : ClientCredentialsSecurityTokenManager


  public BinarySecurityTokenX509ClientCredentials myUserNameClientCredentials;

  public MyUserNameSecurityTokenManager(BinarySecurityTokenX509ClientCredentials myUserNameClientCredentials)

  : base(myUserNameClientCredentials)


  this.myUserNameClientCredentials = myUserNameClientCredentials;


  publicoverride SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)


  // if token requirement matches username token return custom username token provider// otherwise use base implementationif (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate)


   returnnew KKK();






  //throw new Exception("Unsupported tokenRequirement requested: " + tokenRequirement.TokenType);



 publicclass KKK : SecurityTokenProvider


  protectedoverride SecurityToken GetTokenCore(TimeSpan timeout)


  X509Certificate2 credentialCert = Program.getX509TokenFromSTS();  

  returnnew X509SecurityToken(credentialCert);




I'm trying to find a good (working) document which explains how to setup and configure SSL for a clustered SQL server instance. I am currently running 2k5 however I need whatever I learn/implement to work on 2k8.

Please point me to the best one.


Dear Members,

I am trying to install SQL Server 2008 on the same server which has SQL Server 2005. During the installation it will ask me where to install the files for the software, masterDB,etc.

Should this be pointed to the same location where the SQL Server 2005 files are located as I am actually planning to upgrade the existing SQL server 005 or should I point them to a different location so that SQL Server 2008 and 2005 can coexist on the same server?

Later on I would then be able to migrate using the copy database wizard.


S Mitra.


I'm trying to create a linked server from SQL Server r2 to SQL Server 2005 (both 64 bit Enterprise) using the following script

 EXEC master.dbo.sp_addlinkedserver
 @server = N'TestLS'
 ,@provstr='Integrated Security=SSPI;';

I verified that the Kerberos is working.

When I try to run a four part query as below it gives me the error

Msg 18456, Level 14, State 1, Line 1
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
OLE DB provider "SQLNCLI10" for linked server "TestLS" returned message "Invalid connection string attribute".

If I try to set up the linked server against localhost (i.e. SQL 2008 R2, it works just fine).



We need to secure a SQL server using an SSL certificate and I understand there are a couple of ways of doing it.  One of which is having SQL Server generate a self-signed certificate which exposes the man-in-the-middle attack vulernability.  Thus we want to avoid this approach.  My question is, can we just allow the Windows Server 2003 we are running to be configured to be a Ceriifcate Authority and ust it create an SSL certificate.  Is that just a secure as getting an SSL certificate from a third party company such as Verisign?  If it is better to go with a third party company, how do you get a certificate from them when it is not going to be used for a website?




I was following instruction below to publish our Sharepoint Foundation 2010 through ISA 2006 Standard Edition.

It worked through the URL www.company.com. However ever since the SSL was installed on Sharepoint server, when accessing it internally through https://{server name} link, the browser returned a warning:

There is a problem with this website's security certificate. 
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. 

The user can click "Continue to this web" to access the site, but it is annoying and it appeared "not secured" to an end user.  I know this came from the fact that the certificate is using www.company.com as CN, but there must be some fixes that I could apply to eliminate that warning when accessing internally, right?


(I asked this on microsoft.public.inetsdk.programming.webbrowser_ctl, but got no response, so maybe here is better)

Periodically the question comes up regarding how to access the security SSL/TLS server certificate of a webpage using Internet Explorer/WinInet. E.g.:
"InternetGetCertByURL always returns FALSE" <ut$2jL9YKHA.5144@TK2MSFTNGP05.phx.gbl>

"Certificate Informatin Dialog" (InternetShowSecurityInfoByURL)

While trying to look at this problem, however, I found three additional undocumented exports from wininet.dll 7.0.6000.21183:

Does anyone know what these might do, and what the function signatures are? Could these be used to get the SSL server certificate PCERT_CONTEXT items?



Hi All, I have a windows service running on Windows 2008 server, when I set the service to log on as Local System account, it works fine and does the ssl certificate authentication.

Where as when I change the service to log on to a different account it fails with the authentication error.

Could some one please help me here.



<< Previous      Next >>

Microsoft   |   Windows   |   Visual Studio   |   Sharepoint   |   Azure