SQL Server 2008 – Installing and Configuring SSL Certificate for Encrypted Connections


SqlServer 2008 instance is installed on Windows Server 2008 and is running under this identity: NT AUTHORITY\NETWORK SERVICE

SSL cert from third-party CA has been installed in Local Computer\Personal cert store.

Server's FQDN is correctly displayed in cert's Issued to, Subject's CN & Certification path properties.

Key Usage = Digital Signature, Key Encipherment, Key Agreement (a8)

Enhanced Key Usage" = "Server Authentication (

I've used FindPrivateKey.exe to locate the cert in filesystem based on cert's thumbprint.

Using cacls.exe I've assigned Read&Execute and Read permissions to that cert for NETWORK SERVICE account.

In my SqlServer2008 error log I see the following log entry which matches the hash derived from FindPrivateKey.exe:

The certificate [Cert Hash(sha1) "F8A3B32F024198A981A785C44575E810D5425DD1"] was successfully loaded for encryption.

(I would think that this should mean the cert is installed correctly and ready for SqlServer to utilize.)

In Sql Server Configuration Manager\SQL Server Network Configuration\Protocols for MSSQLSERVER\Properties I've set "Force Encryption" to yes.

(but no certificate shows up in the "Certificate" tab. Some documentation I've read seems to indicate that you don't need to select a cert from that tab. I think it's strange that the cert doesn't appear there)

On the client side, if I select "encrypt connection" when connecting via MS Sql Management Studio I can connect. But the problem is I can also connect even if "encrypt connection" isn't selected.

Any clues what I may missing here?

Many thanks…

Best Answer

I figured out why the ssl certificate wasn't showing up under certificates in the Sql Server Configuration Manager options. I didn't have the Primary DNS suffix set so DNS wasn't fully resolving the server's FQDN to match the properties set in the certificate.