Deprecated: Function set_magic_quotes_runtime() is deprecated in /usr/local/apache/sites/mcse.ms/htdocs/362/includes/class_core.php on line 1505 Call Stack: 0.0001 326800 1. {main}() /usr/local/apache/sites/mcse.ms/htdocs/362/archive/index.php:0 0.0003 327652 2. require_once('/usr/local/apache/sites/mcse.ms/htdocs/362/archive/global.php') /usr/local/apache/sites/mcse.ms/htdocs/362/archive/index.php:25 0.0005 328940 3. require_once('/usr/local/apache/sites/mcse.ms/htdocs/362/includes/init.php') /usr/local/apache/sites/mcse.ms/htdocs/362/archive/global.php:20 0.0013 403244 4. vB_Registry->vB_Registry() /usr/local/apache/sites/mcse.ms/htdocs/362/includes/init.php:43 0.0013 403900 5. vB_Input_Cleaner->vB_Input_Cleaner() /usr/local/apache/sites/mcse.ms/htdocs/362/includes/class_core.php:2337
Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /archive/global.php on line 26

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3113

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /includes/functions.php on line 3265
SSL Security error [Archive] - MCSE
PDA

View Full Version : SSL Security error

Allen
04-11-04, 09:51 PM
something
I have a problem connecting to Sql server 2000 using ssl from a .net web application. I keep getting the error message:

System.Data.SqlClient.SqlException: SSL Security error



Here's my config (development box):

Sql server 2000 Developer's Edition on windows XP pro
..net framework 1.1.4
mdac 2.71.9030.0


ssl configuration:
versign test certificate installed through IIS. The certificate has valid dates. I also imported the verisign root certificate (getcacert.cer) for testing into my "Trusted Root Certification Authories" store. This means when I go to IIS and hit a ssl p
age, I do not get a security warning since 1. the certificate name matches name in url 2. certificate has valid dates 3. the test CA is trusted since I imported the root cert into my trusted root store.


Senerios:
I go into my "client network utility" and "force protocol encryption". I use "Query Analyzer" to connect to one of my databases on the sql server that has the certificates installed. This connection is successful. I try to connect to another sql 2000
server running on another box that DOES NOT have certificates installed and the Query analyzer returns an error "Encryption not Supported". So at this point, I'm happy since it seems like the ssl connection to sql server is successful with Query Analyzer
. I try using Enterprise Manager now to connect to the ssl enabled sql server. Successful again! great! finally when I try to do it from my .NET Application, I get the dreaded "SSL Security Error". Here's the code for the .NET App:

Dim con As SqlConnection = New SqlConnection("SERVER=servername.domainname.com;DATABASE=dbname;U ID=username;PWD=pass;Encrypt=Yes")
con.Open() <--------------------------exception thrown here

If I remove "Encrypt=Yes" the connection is successful.

I tried using a Oledbconnection same results. I tried to use ODBC .net and an ODBCCOnnection. same error.

Then I tried to create a System DSN with "strong encryption for data". I tested the connection in the DSN Configurator....Click on "Test Data Source" button. Test Successful. BUt when I use this DSN from my .NET application I get the same error: "SSL S
ecurity Error".

I really would like to know if anyone has successfully used a ssl connection from a .net application?!!!??? It couldn't be the certificates! The certificates common name is fully qualified.....servername.domainname.com
The application runs on the same machine which the sql server runs, but I use the fully qualified servername in the connection string. (beside i did try to connect from a remote machine, after installed the root test certificates as trusted...still no lu
ck)
On the machine that the .net application is running, I've imported the root test certificate which was installed as the server. It is in as "Trusted Root Certification Authority". Query analyzer and Enterprise manager seem to work with the ssl encrypted
connection, so how could it be the certificates? Even on the webserver there's no security warning when I hit a https page (which means the certificates installed are trusted and valid). My tests were mainly done with the sql server and the .net server
on the same machine however I did try remote machines too with no luck. This machine has only 1 network card and 1 website in IIS. There's only 1 ssl certificate installed on this machine. Anyone have similar problems?????

THanks!
Allen
04-11-04, 09:51 PM
something
Ok I finally got it working, but I'm not sure what the problem is still. When I impersonate the application to be using a domain account (which is Administrator to the machine) it works. I tried to impersonate a local admin user and it still had the err
or message. The only way is to impersonate a domain account.

----- Allen wrote: -----

I have a problem connecting to Sql server 2000 using ssl from a .net web application. I keep getting the error message:

System.Data.SqlClient.SqlException: SSL Security error



Here's my config (development box):

Sql server 2000 Developer's Edition on windows XP pro
.net framework 1.1.4
mdac 2.71.9030.0


ssl configuration:
versign test certificate installed through IIS. The certificate has valid dates. I also imported the verisign root certificate (getcacert.cer) for testing into my "Trusted Root Certification Authories" store. This means when I go to IIS and hit a
ssl page, I do not get a security warning since 1. the certificate name matches name in url 2. certificate has valid dates 3. the test CA is trusted since I imported the root cert into my trusted root store.


Senerios:
I go into my "client network utility" and "force protocol encryption". I use "Query Analyzer" to connect to one of my databases on the sql server that has the certificates installed. This connection is successful. I try to connect to another sql 2
000 server running on another box that DOES NOT have certificates installed and the Query analyzer returns an error "Encryption not Supported". So at this point, I'm happy since it seems like the ssl connection to sql server is successful with Query Ana
lyzer. I try using Enterprise Manager now to connect to the ssl enabled sql server. Successful again! great! finally when I try to do it from my .NET Application, I get the dreaded "SSL Security Error". Here's the code for the .NET App:

Dim con As SqlConnection = New SqlConnection("SERVER=servername.domainname.com;DATABASE=dbname;U ID=username;PWD=pass;Encrypt=Yes")
con.Open() <--------------------------exception thrown here

If I remove "Encrypt=Yes" the connection is successful.

I tried using a Oledbconnection same results. I tried to use ODBC .net and an ODBCCOnnection. same error.

Then I tried to create a System DSN with "strong encryption for data". I tested the connection in the DSN Configurator....Click on "Test Data Source" button. Test Successful. BUt when I use this DSN from my .NET application I get the same error: "
SSL Security Error".

I really would like to know if anyone has successfully used a ssl connection from a .net application?!!!??? It couldn't be the certificates! The certificates common name is fully qualified.....servername.domainname.com
The application runs on the same machine which the sql server runs, but I use the fully qualified servername in the connection string. (beside i did try to connect from a remote machine, after installed the root test certificates as trusted...still
no luck)
On the machine that the .net application is running, I've imported the root test certificate which was installed as the server. It is in as "Trusted Root Certification Authority". Query analyzer and Enterprise manager seem to work with the ssl encr
ypted connection, so how could it be the certificates? Even on the webserver there's no security warning when I hit a https page (which means the certificates installed are trusted and valid). My tests were mainly done with the sql server and the .net s
erver on the same machine however I did try remote machines too with no luck. This machine has only 1 network card and 1 website in IIS. There's only 1 ssl certificate installed on this machine. Anyone have similar problems?????

THanks!
Allen
04-11-04, 09:51 PM
something
Hi Kevin,

I get the same results if I use the FQDN or the netbios name, however I did get everything straightened out. I think the problem had something to do with me having multiple certificates installed onto the machine. I had done so much tweeking that I forg
ot that at one point I did install a certificate to that local machine through MMC. I usually do it through IIS. Anyways I removed all certificates on the machine and started over. Installed 1 certificate (self generated certificate through ms certific
ate server) using IIS. The certificate has the FQDN and has valid dates and is trusted. I bounced sql server and viola....worked like a charm. I'm really excited about that! Works through query analyzer and through my .NET application (without any kin
d of impersonation) running on the default ASPNET windows user. I also have to remember to install the root certificates to all my client machines so the server certificate is trusted on each client.

The next thing I need to figure out is how to have 2 certificates (one for sql and one for my web users IIS). Its seems pretty clumsy if I install the sql certificate first, start sql server, then install the IIS certificate. That should work right? Bu
t what happens if i need to bounce sql server? Pretty troublesome. Thanks for you help!



----- Kevin McDonnell [MSFT] wrote: -----

When you connect to your server using your application does the behavior
change if you use the netbios name
of the SQL Server vs. the FQDN?

If you can successfully connect from IIS to SQL using Query Analyser, then
any application should be able to as well. As long as you're using the
same credentials.

"Then I tried to create a System DSN with "strong encryption for data". I
tested the connection in the DSN Configurator....Click on "Test Data
Source" button. Test Successful. BUt when I use this DSN from my .NET
application I get the same error: "SSL Security Error".
"
So testing while you're logged onto the machine allows the connection to
succeed. It's only from the .net application that fails. Test using a
Simple ASP page to verify that the connection is working. There's a sample
you can test with from the enclosed kb article. If the Sample ASP page
works, then we know it is something about the ASP.NET application.

319723 INF: SQL Server 2000 Kerberos support including SQL Server virtual
http://support.microsoft.com/?id=319723

Thanks,

Kevin McDonnell
Microsoft Corporation

This posting is provided AS IS with no warranties, and confers no rights.
Kevin McDonnell [MSFT]
04-12-04, 05:34 PM
something
From previous post:

"The next thing I need to figure out is how to have 2 certificates (one for
sql and one for my web users IIS). Its seems pretty clumsy if I install
the sql certificate first, start sql server, then install the IIS
certificate. That should work right? But what happens if i need to bounce
sql server? Pretty troublesome. "

SQL and IIS both can use the same certificate if SQL and IIS are on the
same machine. Both applications rely on certificates for Server
Authentication. Both applications require that the "Subject" is the fully
qualified domain name of the server.

The problem with SQL is that the server certificate is only read once. On
startup. Once the server is started, any changes to the certificate store
are not read.

If you have multiple certificates on the same machine, one issued to the
local user and one for SQL issued to the machine, you can tell SQL which
certificate to use by modifying the registry. I would only recommend doing
this if SQL fails to start.


Thanks,

Kevin McDonnell
Microsoft Corporation

This posting is provided AS IS with no warranties, and confers no rights.
vBulletin v3.6.2, Copyright ©2000-2010, Jelsoft Enterprises Ltd.