SQL Fails to start after SSL cert install

06/01/2017

I ran into this issue when I was resolving a Nessus vulnerability.

SSL Self-Signed Certificate (57582)

I generated a proper cert using the webserver template for my internal CA and used the FQDN as the Subject. I imported the cert and applied it via SQL Server Configuration Manager, then restarted SQL. Sometimes it started but failed to accept connections; other times it wouldn’t start.

Windows could not start the SQL Server (%sqlserverninstancename%) on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -2146885628

  1. First we need to find the name of the service account used by the instance of SQL Server. It will probably be something like ‘SQLServerMSSQLUser$[Computer_Name]$[Instance_Name]’.
  2. One way to do this is to navigate to the installation directory of your SQL instance. By default SQL Server is installed at C:\Program Files\Microsoft SQL Server\MSSQL10_50.InstanceName.
  3. Right click on the MSSQL folder and click Properties.
  4. Click the Security tab and write down the user in the Group or user names window that matches the pattern of ‘SQLServerMSSQLUser$[Computer_Name]$[Instance_Name]’.
  5. Now, open the Microsoft Management Console (MMC) by clicking Start -> Run, entering mmc and pressing Enter.
  6. Add the Certificates snap-in by clicking File -> Add/Remove Snap-in… and double clicking the Certificates item. (Note: select Computer account and Local computer in the two pages of the wizard that appears.)
  7. Click OK.
  8. Expand Certificates (Local Computer) -> Personal -> Certificates and find the SSL certificate you imported.
  9. Right click on the imported certificate (the one you selected in the SQL Server Configuration Manager) and click All Tasks -> Manage Private Keys…
  10. Click the Add… button under the Group or user names list box.
  11. Enter the SQL service account name that you copied in step 4 and click OK.
  12. By default the service account will be given both Full control and Read permissions, but it only needs to be able to Read the private key. Uncheck the Allow Full Control option.
  13. Click OK.
  14. Close the MMC and restart the SQL service.
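
The same read-only grant on the private key can be scripted instead of clicked through in the MMC. The PowerShell below is an added example, not part of the original post: the thumbprint and account name are placeholders you must replace, and it assumes an RSA key stored by a software key provider under %ProgramData%\Microsoft\Crypto, .NET Framework 4.6 or later, and an elevated session.

```powershell
# Added example: grant the SQL Server service account Read (not Full Control)
# on the private key of the certificate selected in SQL Server Configuration Manager.
# Both values below are placeholders (assumptions), not values from the post.
$Thumbprint     = '<THUMBPRINT-OF-IMPORTED-CERT>'
$ServiceAccount = 'SQLServerMSSQLUser$COMPUTERNAME$INSTANCENAME'   # name noted in step 4

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key in LocalMachine\My."
}

# Resolve the on-disk key file name. CNG keys expose it as Key.UniqueName,
# legacy CSP keys as CspKeyContainerInfo.UniqueKeyContainerName.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine keys live in one of these two directories depending on the provider.
$keyFile = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
    "$env:ProgramData\Microsoft\Crypto\Keys"
) | ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Private key file '$keyName' not found." }

# Add an Allow/Read entry only; existing entries are left untouched.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $ServiceAccount, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Show the resulting entry so the grant can be checked before restarting SQL.
(Get-Acl -LiteralPath $keyFile).Access |
    Where-Object { $_.IdentityReference -like "*$ServiceAccount*" } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

The final table should list the service account with Read rights only; restart the SQL service afterwards, as in the last step above.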