Unable to start SQL Server service with a specific certificate?

Published 31 August 07 06:05 AM | SQL Master 

You may be aware that an HTTP server can encrypt its communications using SSL; for this, certificates must be authorized for server authentication. Microsoft recommends that you do this either by obtaining an SSL certificate from a certificate-issuing authority, such as Verisign, or, for testing purposes, by using tools to create and issue a certificate yourself.

You can enable encrypted connections for an instance of the SQL Server Database Engine by specifying a certificate for the Database Engine in SQL Server Configuration Manager. The client must also be able to verify the ownership of the certificate used by the server. If the client has the public key certificate of the certification authority that signed the server certificate, no further configuration is necessary. Microsoft Windows includes the public key certificates of many certification authorities. If the server certificate was signed by a public or private certification authority for which the client does not have the public key certificate, you must install the public key certificate of the certification authority that signed the server certificate.

Similarly, you can encrypt the communication between your SQL Server and its clients by starting the SQL Server services with a certificate. To do this, put the generated certificate into the personal certificate store of the SQL Server service account, set the Force Encryption flag on the server and restart the SQL Server services. SQL Server 2005 also introduces a new kind of certificate, the self-signed certificate: when the server cannot find a suitable certificate to load from the certificate store, it loads a self-signed certificate instead. In other words, you can always make an encrypted connection if you force encryption on the server, but if you force encryption on the client you will get the error "certificate was not trusted" unless you configure the client to trust the server certificate. KBA900945 has more information on certificate-based authentication.

If you are not able to start the SQL Server services with a certificate using this method, the SQL Server service account must be running under administrative privileges.
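The following check is an added example, not part of the original post: it lists the certificates in a store and reports the properties discussed above (private key present, validity period, Server Authentication usage, self-signed). It assumes it is run in a session of the SQL Server service account so that `Cert:\CurrentUser\My` is that account's personal store; the `$StorePath` parameter and the output column names are illustrative.

```powershell
# Added example: report why a certificate in the given store may be
# unsuitable for SQL Server encrypted connections.
# Assumption: run as the SQL Server service account, so CurrentUser\My
# is the personal store the post refers to.
param(
    [string]$StorePath = 'Cert:\CurrentUser\My'
)

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now = Get-Date

Get-ChildItem -Path $StorePath | ForEach-Object {
    $cert = $_
    $problems = @()

    # The server needs the private key, not only the public certificate.
    if (-not $cert.HasPrivateKey) {
        $problems += 'no private key associated in this store'
    }

    # Expired or not-yet-valid certificates fail validation.
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += 'outside validity period'
    }

    # If an EKU extension is present it must list Server Authentication.
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
    if ($eku) {
        $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
        if ($oids -notcontains $serverAuthOid) {
            $problems += 'not authorized for Server Authentication'
        }
    }

    # Self-signed: clients that force encryption will report
    # "certificate was not trusted" unless configured to trust it.
    if ($cert.Subject -eq $cert.Issuer) {
        $problems += 'self-signed (clients must be configured to trust it)'
    }

    $status = if ($problems) { $problems -join '; ' } else { 'no problems found' }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Status     = $status
    }
}
```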

Comments

# SSQA.net - SqlServer-QA.net said on August 31, 2007 7:51 AM:

You may be aware that using SSL communications a HTTP server can have encryption for us, in this regard

# Other SQL Server Blogs around the Web said on August 31, 2007 7:55 AM:

You may be aware that using SSL communications a HTTP server can have encryption for us, in this regard

# SQL Server Security, Performance & Tuning (SSQA.net) said on September 3, 2007 4:56 AM:

Continuation to the BlogPost on issuing or configuring SQL Servers to use certificates, I have found


About SQL Master

SQL Server MVP, Sr. DBA & industry expert. - Knowledge is of two kinds. We know a subject ourselves or we know where we can find information on it. It is also a power and you will gain by sharing it.
