爲了加密通過Internet創建的數據庫的外部網絡連接,我在Microsoft SQL Server 2012 Express Edition上成功配置了SSL。由於網絡內部客戶端的性能原因,我不希望強制使用SSL,而是讓客戶端使用它或不使用它。我設置強制加密到沒有通過以下步驟:帶SSL的MSSQL:目標主體名稱不正確
- SQL Server配置管理
- SQL Server網絡配置
- 協議(MYSQLSERVERNAME)
- 權點擊:屬性
- 標誌選項卡。
當我嘗試建立與Microsoft SQL Server Management Studio中檢查加密連接上選項>連接屬性我收到以下錯誤選項加密連接。
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022)
什麼是引人注目的是,如果我選擇強制加密作爲SQL Server配置管理是,我不選擇上的Microsoft SQL Server Management Studio中加密連接我可以連接到數據庫。如果我執行查詢:
select * from sys.dm_exec_connections
事實上列encrypt_option是TRUE。
的證書與OpenSSL的產生,這是信息:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Validity
Not Before: Jun 9 15:53:18 2016 GMT
Not After : Jun 9 15:53:18 2018 GMT
Subject: C=US, ST=State, L=Location, O=Testing, OU=Development, CN=JOSEPH-ASUS
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:7F:58:DC:F7:D9:90:2A:DF:0E:31:84:5C:49:68:E7:61:97:D8:41
X509v3 Authority Key Identifier:
keyid:C9:5C:79:34:E0:83:B2:C7:26:21:90:17:6A:86:88:84:95:19:88:EA
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Alternative Name:
DNS:alternatename1, DNS:alternatename2, IP Address:192.168.1.100, IP Address:192.191.1.101, IP Address:192.168.1.103
Signature Algorithm: sha256WithRSAEncryption
...
目前的操作系統是Windows 10家。
我失蹤了什麼?
我也有這個問題。類似的情況。在OpenSSL中創建的證書(可能不正確)。差異:SQL Server 2014開發人員版,Windows 7. –
順便提一下,服務器上的「強制加密」和客戶端上的「強制加密」以及SSMS中的「加密連接」之間的差異如下所述:https://social.msdn.microsoft。 com/Forums/sqlserver/en-US/bde679d9-ff83-4fa7-b402-42e336a97106/force-encryption-on-sql-server-not-working?forum = sqlsecurity –