locked
Failing to add SSL Cert to SQL Express 2012 SP3 RRS feed

  • Question

  • Have installed a valid SSL cert from RapidSSL but am not seeing it in SQL Server Configuration Manager which seems to be a common issue. Have tried the common resolutions but to no avail. I've added the SSL thumbprint to the registry key ending in SuperSocketNetLib but in doing so the SQL Server Service fails to restart. It would only start after I remove the thumbprint from the REG key.  I've confirmed the SSL has the correct "Enhanced Key Usage". the common name is in the Subject Usage area, it is within the Valid From and To dates.  This is a single server, no cluster. What might I be missing?

    RFreeman

    Tuesday, May 3, 2016 5:35 PM

Answers

  • Hi RFreeman,

    Based on your description, you are not able to see the certificate in SQL Server Configuration Manager. There are some proposals for your troubleshooting this issue.

        1.The certificate must be in either the local computer certificate store or the current user certificate store.

        2. Make sure the account running SQL Server has permission to read the certificate.

        3.The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. Ensure that the hostname on your machine is like “example.com”.

    If the certificate is still be invisible, please follow the instructions in this blog to troubleshoot this issue.  Also make sure that you enable SSL encryption for your SQL Server instance following the steps in this KB article: https://support.microsoft.com/en-us/kb/316898.


    Thanks,
    Lydia Zhang


    Lydia Zhang
    TechNet Community Support


    Wednesday, May 4, 2016 2:21 AM

All replies

  • Hi RFreeman,

    Based on your description, you are not able to see the certificate in SQL Server Configuration Manager. There are some proposals for your troubleshooting this issue.

        1.The certificate must be in either the local computer certificate store or the current user certificate store.

        2. Make sure the account running SQL Server has permission to read the certificate.

        3.The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. Ensure that the hostname on your machine is like “example.com”.

    If the certificate is still be invisible, please follow the instructions in this blog to troubleshoot this issue.  Also make sure that you enable SSL encryption for your SQL Server instance following the steps in this KB article: https://support.microsoft.com/en-us/kb/316898.


    Thanks,
    Lydia Zhang


    Lydia Zhang
    TechNet Community Support


    Wednesday, May 4, 2016 2:21 AM
  • Still are not able to see cert. Your #3 may be the issue. For our Subject Property we have computername.domain.com although this machine is not part of a domain, instead is in a Workgroup. Will that be the issue? Attaching the domain name of the company to the cert though the actual computer name does not include the domain name? Sorry for the obvious question but I just have to make sure.

    RFreeman

    Wednesday, September 7, 2016 6:56 PM
  • Bump.

    RFreeman

    Thursday, September 15, 2016 3:00 PM