MySQL Connector/NET SSL shuts down the server
When I try to connect to my server through MySQL Connector/NET using SSL with a PFX certificate, I have a problem establishing the connection. I get a connection timeout. And the server probably falls down (I don't know it for sure, because I don't manage the server).
On Windows XP it works all right, but not on Windows 7.
Where is the problem? In Windows 7 or on the server (MySQL 5.0)? Sometimes I get a "Calling interface SSPI Failed" error, but not every time. Sometimes only a connection timeout error.
XP and Windows 7 use different permission structures on certificates. If you're using a PFX from the Certificate Store, Win7 would ask for elevation when trying to make your connection. If you can't grant it -- if your application is headless, for example -- the connection would time out.
Open the certificate manager (try this) and look for the certificate you're using to authenticate to MySQL. You may need an available public key and your public key may have the wrong permissions. Look here for details on how to change permissions.
There's also a chance you may have your certificate in the wrong store, but this can also be fixed with the Certificate Store MMC snap-in.
If you're using your PFX from a file and importing it into the store is an option, try that. Otherwise you'll most likely need to set permissions on the certificate after import before connection.
The server logs, if available, could also give you information on why your connection failed. Here are some options:
- If the server isn't seeing a certificate at all, it's likely a permissions issue on the client end in accessing the certificate.
- If the server sees a certificate but can't authenticate it, this is often a public key issue. The PFX format is a holder meta-format and not all PFX files contain the correct components. This could also clue you into what @Dremation said, your certificate may just not be installed on the server.
- There is also a chance that your clocks are unsynchronized. If you can check the server clock, make sure it's correctly and frequently synchronized to some standard clock. Then make sure your client is as well. The rule-of-thumb maximum skew is 5 minutes, so 2.5 minutes in opposite directions on the client and server would cause an authentication failure.
- There should be an option somewhere on your client to adjust the number of retry attempts. If this is a certificate error and you can get it to fail on the first attempt, at least you'll get a certificate error immediately, instead of the issue being wrapped in a connection timeout.
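
The client-side checks discussed in the answer above (which store holds the certificate, and whether the account running the application can actually use it) can be scripted. This is an added C# example, not part of the original answer; it also compares the certificate's validity window with the local clock. It assumes an RSA client certificate, .NET Framework 4.6 or later, and the certificate thumbprint passed as the only argument.

```csharp
// Added diagnostic example, not code from the original answer.
// Run it under the same Windows account as the application that connects to MySQL.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class ClientCertCheck
{
    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: ClientCertCheck <thumbprint>"); return 2; }
        int hits = 0;
        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        foreach (var name in new[] { StoreName.My, StoreName.TrustedPeople, StoreName.Root, StoreName.CertificateAuthority })
        {
            var store = new X509Store(name, location);
            try { store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); }
            catch (CryptographicException e)
            {
                Console.WriteLine("{0}\\{1}: cannot open store: {2}", location, name, e.Message);
                continue;
            }
            // validOnly = false: list the certificate even if it is expired or untrusted.
            foreach (X509Certificate2 cert in store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false))
            {
                hits++;
                bool inWindow = DateTime.Now >= cert.NotBefore && DateTime.Now <= cert.NotAfter;
                Console.WriteLine("{0}\\{1}: {2}", location, name, cert.Subject);
                Console.WriteLine("  valid {0:s} to {1:s}; local clock inside window: {2}", cert.NotBefore, cert.NotAfter, inWindow);
                Console.WriteLine("  private key: {0}", DescribeKey(cert));
            }
            store.Close();
        }
        if (hits == 0) Console.WriteLine("certificate not found in the stores checked");
        return hits == 0 ? 1 : 0;
    }

    // HasPrivateKey only says a key is associated with the certificate; acquiring
    // the key makes Windows open the key container as the current account.
    static string DescribeKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "none associated with this certificate";
        try
        {
            using (RSA key = cert.GetRSAPrivateKey())
                return key != null ? "usable by this account" : "present, but not an RSA key";
        }
        catch (CryptographicException e) { return "cannot be opened: " + e.Message; }
    }
}
```

A certificate that shows up only under `LocalMachine`, or whose private key reports "cannot be opened", points at the store or permission problems described in the answer rather than at the MySQL server.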