SQL Server 2008 R2 Express now supports using wildcard certificates ('*.example.com') for SSL-encrypted connections to the server. (Prior to this, the CN of the certificate had to exactly match the FQDN of the server ['host.example.com'].)
When SQL Server 2008 R2 Express is configured to use a wildcard certificate, then attempting to open a connection using System.Data.SqlClient.SqlConnection always results in the following error:
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value.) (Microsoft SQL Server, Error: -2146762481)
(Setting TrustServerCertificate=True will avoid the error, but SQL Server Management Studio, which I suspect is using the .NET Framework classes underneath, will still error out a bit later in the login process.)
Importantly, connecting via ODBC or sqlcmd.exe works fine, so it seems to be a bug in the .NET Framework implementation when it comes to validating the CN name, as if it actually is comparing against the asterisk.
More discussion is available at the following locations: