SQL SSL encryption connection error: The target principal name is incorrect

sakuraime 2,341 Reputation points
2021-03-19T02:25:35.443+00:00

I have a failover cluster SQL 2012, and I have a self-installed Certificate Authority (CA) on one of my servers under the same domain. I generated a certificate with CN=sqlvname.domain.com and also SAN for the FQDN of the physical nodes.

When I use SSMS on the cluster node, it can connect successfully (Encrypt connection).

However, on another server, also using SSMS to connect to sqlvname.domain.com, it says:
[screenshot of the error message]

Any issues you can think of?

With Trust certificate, it can connect. But I remember we should not trust the certificate, and should let the client verify the cert.


1 answer

  1. AmeliaGu-MSFT 14,006 Reputation points Microsoft External Staff
    2021-03-22T08:03:48.577+00:00

    Hi sakuraime,

    To enable an SSL certificate on a SQL Server cluster, have you specified the certificate used by SQL Server to encrypt connections in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.x\MSSQLServer\SuperSocketNetLib\Certificate? This key contains a property of the certificate known as thumbprint that identifies each certificate in the server. In a clustered environment, this key will be set to Null even though the correct certificate exists in the store.
    And for the client to request the SSL encryption, the client computer must trust the server certificate and the certificate must already exist on the server.
    Please refer to "How to enable SSL encryption for an instance of SQL Server" and "How to Enable SSL Certificate-Based Encryption on a SQL Server Failover Cluster", which might help.

    Best Regards,
    Amelia
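
One way to run the check the answer describes on each cluster node, as an added example that is not part of the original thread: it reads the thumbprint from the `SuperSocketNetLib\Certificate` value, finds that certificate in the machine store, and reports whether the name typed into SSMS appears among the certificate's DNS names. `MSSQL.x` is the page's own placeholder and must be replaced with the real instance key; the parameter names and the `Test-NameMatch` helper are assumptions of this sketch.

```powershell
param(
    [string]$InstanceKey = 'MSSQL.x',              # placeholder from the answer; replace per instance
    [string]$ConnectName = 'sqlvname.domain.com'   # the name the client connects to
)

$regPath = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$InstanceKey\MSSQLServer\SuperSocketNetLib"
if (-not (Test-Path $regPath)) {
    Write-Warning "Registry key not found: $regPath (check the instance key)."
    return
}

$thumb = (Get-ItemProperty -Path $regPath -Name Certificate -ErrorAction SilentlyContinue).Certificate
if ([string]::IsNullOrWhiteSpace($thumb)) {
    # The case the answer warns about: the value is empty on this node
    Write-Warning "Certificate value is empty in $regPath on $env:COMPUTERNAME."
    return
}

# Strip spaces or invisible characters that come along when a thumbprint is pasted
$thumb = ($thumb -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    Write-Warning "Thumbprint $thumb is configured but not present in LocalMachine\My."
    return
}

# Hypothetical helper: exact match, or a wildcard covering exactly one leftmost label
function Test-NameMatch([string]$Pattern, [string]$Name) {
    if ($Pattern -ieq $Name) { return $true }
    if ($Pattern.StartsWith('*.')) {
        $dot = $Name.IndexOf('.')
        return ($dot -gt 0) -and ($Name.Substring($dot) -ieq $Pattern.Substring(1))
    }
    return $false
}

# DnsNameList holds the subject CN and the SAN DNS entries of the certificate
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

[pscustomobject]@{
    Node          = $env:COMPUTERNAME
    Thumbprint    = $cert.Thumbprint
    Subject       = $cert.Subject
    DnsNames      = $names -join ', '
    HasPrivateKey = $cert.HasPrivateKey
    NotAfter      = $cert.NotAfter
    NameCovered   = [bool]($names | Where-Object { Test-NameMatch $_ $ConnectName })
}
```

A result that differs between nodes, or `NameCovered = False` for the virtual name, points at the certificate configuration rather than at the client.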

