Home MVC Storefront

SQL Server SSL Error: ConnectionOpen (SECDoClientHandShake())

Saturday, October 15 2005 - Blog

Wow, this one sucked! It dropped my SQL Service completely and ALL of my sites went offline (except for my blog here, which runs on XML - good job guys!).

The problem, it turns out, is very specific: if you have installed an SSL certificate for your machine that has expired, this error will occur. More specifically - if you have used SelfSSL and used your machine's name as the issuer, you're in for trouble. If you have SQL installed on the same box and the cert expires (which it does by default after 30 days) then you will see the above error.

The fix is pretty simple - remove the certificates from the machine store (using the MMC with the certificates snap-in for your computer) and then restart SQL.

What an amazingly stupid bug!

Rod Carr avatar
Rod Carr says:
Tuesday, November 29, 2005
Thank you! Same problem. Don't know if I would have thought of that. I reissued using a 10 year cert using
selfssl /v:3650. Should take care of this problem for a while...

Ragged avatar
Ragged says:
Wednesday, July 11, 2007
This is the exact problem we are experiencing having used SSL - good to know you fixed.

The problem we have now, is trying to work out which certificates are SSL and which are there from before.

Would you be kind enough to provide some guidelines on this? It would be immensely useful info for a lot of people who find themselves in this sticky position.

Ragged avatar
Ragged says:
Wednesday, July 11, 2007
This is the exact problem we are experiencing having used SSL - good to know you fixed.

The problem we have now, is trying to work out which certificates are SSL and which are there from before.

Would you be kind enough to provide some guidelines on this? It would be immensely useful info for a lot of people who find themselves in this sticky position.

sondlerd avatar
sondlerd says:
Sunday, July 29, 2007
great post... i have been waisting time with this issue.

thanks!!


© 2008 Rob Conery. Use of this site is mostly free, but I might ask for a beer or 2 if you steal things from it. All rights reserved - whatever those rights are. Does anyone ever write "All writes let go"?
Search Me
Subscribe

Index Of MVC Screencasts

You can watch all of the MVC Screencasts up at ASP.NET, and even leave comments if you like.
Popular Posts
 
My Tweets
  • @haacked must.... resist... assimilation...
  • Dinner at the Haacks. How did Phil get such a cute kid? Evidently Phil's in the doghouse though...
  • @shanselman dude turn off twitter and drive! that's gotta be illegal!
  • For D'Arcy and Justice... Scottgu goes Canuck! http://twitpic.com/mfz1
  • Working in ScottGu's office with @shanselman. Wearing an Orange Polo and saying "go ahead" a lot for some reason.
  About Me



Hi! My name is Rob Conery and I work at Microsoft. I am the Creator of SubSonic and was the Chief Architect of the Commerce Starter Kit (a free, Open Source eCommerce platform for .NET)

I live in Kauai, HI with my family, and when my clients aren't looking, I sometimes write things on my blog (giving away secrets of incalculable value).