System.Data.SqlClient does not support wildcard certificates with SQL Server 2008 R2 Express - by Nicholas Piasecki

Status: Fixed

This item has been fixed in the current or upcoming version of this product. A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

ID: 593800
Status: Closed
Type: Bug
Repros: 0
Opened: 9/2/2010 5:32:19 AM
Access Restriction: Public


SQL Server 2008 R2 Express now supports using wildcard certificates ('*') for SSL-encrypted connections to the server. (Prior to this, the CN of the certificate had to exactly match the FQDN of the server [''].)

When SQL Server 2008 R2 Express is configured to use a wildcard certificate, then attempting to open a connection using System.Data.SqlClient.SqlConnection always results in the following error:

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value.) (Microsoft SQL Server, Error: -2146762481)

(Setting TrustServerCertificate=True will avoid the error, but SQL Server Management Studio, which I suspect is using the .NET Framework classes underneath, will still error out a bit later in the login process.)

Importantly, connecting via ODBC or sqlcmd.exe works fine, so it seems to be a bug in the .NET Framework implementation when it comes to validating the CN name, as if it actually is comparing against the asterisk.

More discussion is available at the following locations:
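
The name check the report describes, as an added C# example (not SqlClient's source and not code from this report): a literal CN comparison next to a wildcard-aware one in which `*` stands for a single left-most label. The class, method names and host names are constructed for illustration.

```csharp
using System;

// Added illustration, not SqlClient source. Names and hosts are constructed.
static class CertNameCheck
{
    // Literal comparison: the behaviour the report suspects. A CN of
    // "*.example.com" can never equal a real host name, so this always fails.
    public static bool ExactMatch(string certName, string host) =>
        string.Equals(certName, host, StringComparison.OrdinalIgnoreCase);

    // Wildcard-aware comparison: "*" may stand for exactly one whole
    // left-most label, and nothing else.
    public static bool WildcardMatch(string certName, string host)
    {
        if (string.IsNullOrEmpty(certName) || string.IsNullOrEmpty(host))
            return false;
        if (!certName.StartsWith("*.", StringComparison.Ordinal))
            return ExactMatch(certName, host);

        string suffix = certName.Substring(1);          // ".example.com"
        // Reject "*.com"-style names: require at least two labels after "*".
        if (suffix.IndexOf('.', 1) < 0 || suffix.Contains("*"))
            return false;
        if (!host.EndsWith(suffix, StringComparison.OrdinalIgnoreCase))
            return false;

        string firstLabel = host.Substring(0, host.Length - suffix.Length);
        // The wildcard covers one non-empty label, so no dots are allowed.
        return firstLabel.Length > 0 && firstLabel.IndexOf('.') < 0;
    }

    static void Main()
    {
        string cn = "*.example.com";                    // constructed sample
        foreach (string host in new[] { "sql01.example.com", "a.b.example.com",
                                        "example.com", "sql01.example.org" })
        {
            Console.WriteLine("{0,-20} exact={1,-5} wildcard={2}",
                host, ExactMatch(cn, host), WildcardMatch(cn, host));
        }
    }
}
```

Setting TrustServerCertificate=True skips this name check entirely, so the channel is encrypted but the server's identity is not verified.
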
Posted by nivlag on 6/18/2012 at 10:46 AM
Can you tell me when this feature will be released in a .NET Framework version?
Posted by Microsoft on 3/12/2011 at 7:27 AM

Thanks for reporting this issue. Although wildcard certificates are supported in SQL Server 2008 R2 Express, SqlClient in the current version of .NET Framework does not have support for the feature. However, we added support for the wildcard certificates in SqlClient and this feature will be available in a future release of .NET Framework.


Young Gah Kim
Development Lead
ADO.NET Managed Providers and DataSet Team

Posted by Microsoft on 9/2/2010 at 7:12 PM
Thanks for your feedback.

We are rerouting this issue to the appropriate group within the Visual Studio Product Team for triage and resolution. These specialized experts will follow up on your issue.
Posted by Microsoft on 9/2/2010 at 5:01 PM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(