During MSSQL secure connection facing error: 0x8009030d. Check certificates to make sure they are valid

1

I'm trying to create a secure connection for my SQL server using certificate. I have generated CA certificate and used it to sign the subordinate certificate using XCA tool.

Installed the certificate in Local computer "Personal" store and CA in "Trusted Root Authorities" store. Also added the SQL server user in the "Manage Private Keys -> Security" option and given permission to SQL user for the "MSSQL" installation folder.

I could able to see the certificate in "SQl Server Configuration Manager -> SQL Server Network Configuration" and added the certificate. Set "Force Encryption" option as YES.

Now when i restart the SQL server, getting the following error:

The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x8009030d. Check certificates to make sure they are valid.

Starting up database 'model'.

Server name is 'VCE-W0031'. This is an informational message only. No user action is required.

Error: 26014, Severity: 16, State: 1. Unable to load user-specified certificate [Cert Hash(sha1) "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.

Error: 17182, Severity: 16, State: 1.

TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.

Error: 17182, Severity: 16, State: 1.

TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.

Error: 17826, Severity: 18, State: 3.

Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.

I have created another CA and certificate using Openssl tool and insalled in Trusted Authorities and Personal stores respectively. Added this certificate in "SQl Server Configuration Manager -> SQL Server Network Configuration" and added the certificate. Set "Force Encryption" option as YES.

Without any further setting, i could able to run the SQL server and the encrypted connection is established when client is connected.

Please let me know why this error could happen in case of certificate generated using XCA, but not Openssl.

The question what i wanted to ask is, using a certificate which is signed by an existing certification authority instead of creating a CA with openssl could cause any issue?

sql-server
security
ssl-certificate
asked on Stack Overflow Feb 3, 2016 by JOE • edited Jun 20, 2020 by Community

1 Answer

0

Have the same issue: copied a personal certificate between two hives. The certificate was usable, but after reboot services failed to use it with this error: SEC_E_UNKNOWN_CREDENTIALS (0x8009030D).

Resolved by starting the Protected Storage Service and re-importing the certificate directly into the computer personal hive.

answered on Stack Overflow Feb 3, 2016 by gofr1

User contributions licensed under CC BY-SA 3.0