我在 Microsoft SQL Server 2012 Express Edition 上成功配置了 SSL,目的是加密通过 Internet 与数据库建立的外部网络连接。出于网络内部客户端的性能原因,我不想强制使用 SSL 并让客户端选择是否使用它。我通过以下步骤将强制加密设置为否:
- SQL Server 配置管理器
- SQL Server 网络配置
- (MYSQLSERVERNAME) 的协议(protocol)
- 右键单击:属性
- 标记标签。
当我尝试与 Microsoft Sql Server Management Studio 建立加密连接时,检查 Options 上的 Encrypt connection 选项 > Connection Properties 我得到了以下错误。
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022)
值得注意的是,如果我在 Sql Server Configuration Manager 上选择Force Encryption 为Yes,而在 Microsoft Sql 上我没有选择Encrypt connection Server Management Studio 我可以连接到数据库。如果我执行查询:
select * from sys.dm_exec_connections
事实上 encrypt_option 列是 TRUE。
证书是用 Openssl 生成的,信息如下:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Validity
Not Before: Jun 9 15:53:18 2016 GMT
Not After : Jun 9 15:53:18 2018 GMT
Subject: C=US, ST=State, L=Location, O=Testing, OU=Development, CN=JOSEPH-ASUS
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:7F:58:DC:F7:D9:90:2A:DF:0E:31:84:5C:49:68:E7:61:97:D8:41
X509v3 Authority Key Identifier:
keyid:C9:5C:79:34:E0:83:B2:C7:26:21:90:17:6A:86:88:84:95:19:88:EA
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Alternative Name:
DNS:alternatename1, DNS:alternatename2, IP Address:192.168.1.100, IP Address:192.191.1.101, IP Address:192.168.1.103
Signature Algorithm: sha256WithRSAEncryption
...
当前操作系统是 Windows 10 家庭版。
我错过了什么?
最佳答案
我有同样的问题,并通过将 TrustServerCertificate=True; 添加到连接字符串得到解决。
关于sql-server - 带 SSL 的 MSSQL : The target principal name is incorrect,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37734311/