Article ID: 919710 - View products that this article applies to.
Consider the following scenario. An instance of Microsoft SQL Server 2005 is installed on a computer that is running Microsoft Windows XP or Microsoft Windows 2000. You try to connect to the instance. In this scenario, you receive one of the following error messages depending on the protocol that you use for the connection:
This problem occurs because a certificate that has the AT_SIGNATURE key specification is used for Secure Sockets Layer (SSL) encryption for the instance. A certificate that has the AT_SIGNATURE key specification cannot be used for SSL encryption in SQL Server 2005. On a computer that is running Microsoft Windows Server 2003, the certificate is recognized as not valid. Therefore, the SQL Server service does not load the certificate, and the service does not start. However, on a computer that is running Windows XP or Windows 2000, the SQL Server service loads the certificate, and the service starts successfully. This behavior causes the connection to fail.
To resolve this problem, use a valid certificate. You must use a certificate that has the AT_EXCHANGE key specification.
You can examine the key specification of the certificate by using the Certutil utility (Certutil.exe). To do this, follow these steps:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
We strongly recommend that you use SQL Server Configuration Manager to specify a certificate for an instance. SQL Server Configuration Manager displays only the certificates that are valid for use by the server. Therefore, you can avoid selecting a certificate that is not valid.
Article ID: 919710 - Last Review: November 20, 2007 - Revision: 1.2
Contact us for more help
Connect with Answer Desk for expert help.