tags:

views:

858

answers:

2
Q: 

SQL Server encryption using self signed SSL certificate. Querying from ASP.NET 3.5.

I've created a self-signed cert for testing encryption between my web application and the SQL Server.

When attempting to query the database using "Encrypt=Yes;" in the connection string, I receive the following message:

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)

Background
I received an identical message when first attempting an encrypted connection from management studio. This was resolved by installing the self-signed cert into my Trusted Certificate Authorities.

Question
Is there a way I can get ASP.NET to trust the certificate the same way my user account does?

A: 

Using impersonation works on my local development machine: <identity impersonate="true"/> (in system.web of my web.config)

Thus ensuring that when ASP.NET connected to the database, it used my user credentials, and my user trusts the self-signed cert.

Note - this fails if attempting to view the site on the development server.

nailitdown  2009-12-01 07:40:58
Is this an answer? If not, it's usually a good idea to delete this answer and post it as an update to your question. You can edit your own questions, you know.
Dave Van den Eynde  2009-12-01 07:54:31
It's an answer for some scenarios, but not a complete answer.
nailitdown  2009-12-01 08:09:32
A: 

OK the proper answer for this lay in adding the self-signed cert to the certificate store.

The wrong way
Installing the certificate by double-clicking the .cer file on the server
- This adds the cert for the currently logged in user only, which is why impersonation worked in some cases.

The right way
Using CertMgr.exe to install the certificate.
- You can find CertMgr.exe in a Windows SDK, or apparently in Visual Studio 2005's bin folder. It's not in VS2008.
- You must run CertMgr.exe under a Local Machine Administrator account. A Domain account with local administrator privileges will not work
- Run CertMgr.exe to add the certificate to the localmachine trustedpublishers stores, by running both of the following commands:
- certmgr /add Your.Certificate.Filename.cer /s /r localmachine root
- certmgr /add Your.Certificate.Filename.cer /s /r localmachine trustedpublisher

Also note you can't use wildcards when referring to the certificate filename. (/add *.cer will fail.)

nailitdown  2009-12-02 05:00:33

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?