This topic provides information about configuring certificate information for SQL Server connections. Note the following:
- For SQL Server certificates, you must use the machine FQDN for the Subject (for example, CN=LR-0292ED-MSA.my.domain.com). The short hostname or IP address does not work. l
- The certificate must contain the Server Authentication enhanced key usage value (–eku 188.8.131.52.184.108.40.206.1) and the key exchange attribute (-sky exchange). If your server certificate does not have these properties, the certificate will not show up in the SQL Server Configuration Manager’s Certificates dropdown (see below). The SQL Server Configuration Manager will look in both LocalMachine and CurrentUser MY stores for certificates to use.
To configure a server certificate and set the Force Protocol Encryption option for SQL Server
- Use the SQL Server Configuration Manager’s Server Network Utility to enable Force Protocol Encryption on the server.
- Click the Certificate tab, and select your server certificate from the Certificate menu.
- Restart SQL Server.