
System.Data.SqlClient does not support wildcard certificates with SQL Server 2008 R2 Express by Nicholas Piasecki


Status: Closed as Fixed
Type: Bug
ID: 593800
Opened: 9/2/2010 5:32:19 AM
Access Restriction: Public

Description

SQL Server 2008 R2 Express now supports using wildcard certificates ('*.example.com') for SSL-encrypted connections to the server. (Prior to this, the CN of the certificate had to exactly match the FQDN of the server ['host.example.com'].)

When SQL Server 2008 R2 Express is configured to use a wildcard certificate, then attempting to open a connection using System.Data.SqlClient.SqlConnection always results in the following error:

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value.) (Microsoft SQL Server, Error: -2146762481)

(Setting TrustServerCertificate=True will avoid the error, but SQL Server Management Studio, which I suspect is using the .NET Framework classes underneath, will still error out a bit later in the login process.)

Importantly, connecting via ODBC or sqlcmd.exe works fine, so it seems to be a bug in the .NET Framework implementation when it comes to validating the CN name, as if it actually is comparing against the asterisk.

More discussion is available at the following locations:

http://social.msdn.microsoft.com/Forums/en-US/sqldataaccess/thread/3c4748f3-3c4c-4487-94fc-9469d14ca712

http://serverfault.com/questions/176595/sql-server-2008-r2-express-wildcard-ssl-certificate
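
As an added illustration (not code from the report, its attached Program.cs, or SqlClient itself), the C# below contrasts a literal CN comparison, which is what the report suspects is happening, with a wildcard-aware comparison limited to the leftmost label. The class and method names and the sample host names are assumptions made for the example.

```csharp
using System;

static class WildcardCnDemo
{
    // Literal comparison: "*" is treated as an ordinary character (the suspected behaviour).
    static bool ExactMatch(string certName, string host) =>
        string.Equals(certName, host, StringComparison.OrdinalIgnoreCase);

    // Wildcard-aware comparison: "*" may stand only for the whole leftmost label.
    static bool WildcardMatch(string certName, string host)
    {
        if (string.IsNullOrEmpty(certName) || string.IsNullOrEmpty(host)) return false;
        certName = certName.TrimEnd('.');
        host = host.TrimEnd('.');
        if (!certName.StartsWith("*.", StringComparison.Ordinal))
            return ExactMatch(certName, host);

        string suffix = certName.Substring(1);   // e.g. ".example.com"
        // Require at least two labels after the wildcard, so "*.com" never matches,
        // and reject any further "*" in the name.
        if (suffix.IndexOf('.', 1) < 0 || suffix.Contains("*")) return false;
        if (!host.EndsWith(suffix, StringComparison.OrdinalIgnoreCase)) return false;

        string left = host.Substring(0, host.Length - suffix.Length);
        // The wildcard covers exactly one non-empty label: no dots inside it.
        return left.Length > 0 && left.IndexOf('.') < 0;
    }

    static void Main()
    {
        // Constructed sample pairs: certificate name, host name the client passes.
        var cases = new[]
        {
            ("*.example.com", "host.example.com"),
            ("*.example.com", "a.b.example.com"),
            ("*.example.com", "example.com"),
            ("host.example.com", "HOST.example.com"),
            ("*.com", "example.com"),
        };
        foreach (var (cn, host) in cases)
            Console.WriteLine(
                $"{cn,-18} {host,-18} exact={ExactMatch(cn, host),-5} wildcard={WildcardMatch(cn, host)}");
    }
}
```

Setting TrustServerCertificate=True, mentioned in the report, makes the client skip certificate validation rather than perform the wildcard comparison shown here.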
Posted by nivlag on 6/18/2012 at 10:46 AM
Can you tell me when this feature will be released in a .NET Framework version?
Posted by Microsoft on 3/12/2011 at 7:27 AM
Hi,

Thanks for reporting this issue. Although wildcard certificates are supported in SQL Server 2008 R2 Express, SqlClient in the current version of .NET Framework does not support the feature. However, we added support for the wildcard certificates in SqlClient and this feature will be available in a future release of .NET Framework.

Thanks,

Young Gah Kim
Development Lead
ADO.NET Managed Providers and DataSet Team

Posted by Microsoft on 9/2/2010 at 7:12 PM
Thanks for your feedback.

We are rerouting this issue to the appropriate group within the Visual Studio Product Team for triage and resolution. These specialized experts will follow up with your issue.
Posted by Microsoft on 9/2/2010 at 5:01 PM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly (http://support.microsoft.com).

Attached files:
Program.cs, submitted 9/2/2010, 1 KB