Have you ever encountered the error message “Unable to load user-specified certificate” while trying to start your SQL Server? If so, don’t worry, you’re not alone. In this blog post, we will discuss this error and provide a solution to fix it.

When facing SQL startup trouble, it’s always a good idea to start by checking the SQL Server ERRORLOG. This log file contains valuable information about any errors or issues encountered during the startup process. To locate the ERRORLOG file, you can use various methods, such as checking the SQL Server configuration manager or querying the registry.

Once you have located the ERRORLOG file, look for the error message similar to the following:

2018-08-04 14:21:46.02 Server Error: 26014, Severity: 16, State: 1.
2018-08-04 14:21:46.02 Server Unable to load user-specified certificate [Cert Hash(sha1) "73EF12.thumbprint.here.CA8DE"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.
2018-08-04 14:21:46.02 Server Error: 17182, Severity: 16, State: 1.
2018-08-04 14:21:46.02 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.

From the error message, it is clear that there is an issue with the certificate being used to start the SQL Service. In such cases, the first step is to check the registry key that stores the thumbprint of the certificate. The location of this key depends on the SQL Server version and instance name.

Here is the registry key for SQL Server 2016 (MSSQL14) and the default instance (MSSQLSERVER):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.14\MSSQLServer\SuperSocketNetLib\Certificate

If you are not using a certificate, you can try renaming the “Certificate” key to “Old_Certificate” and create a new entry (REG_SZ) called “Certificate” with no value (blank). This workaround should allow SQL Server to start successfully.

However, if you are using a certificate, it is important not to modify the key. Another possible reason for this error when using a certificate is that the SQL Server Service account does not have full permission on the certificate’s private key. To resolve this issue, you can grant full permission to the SQL Server service account by right-clicking on the certificate and selecting “Manage Private Key.”

By following these steps, you should be able to fix the “Unable to load user-specified certificate” error and start your SQL Server without any issues.

Remember, it’s always important to have a backup of your SQL Server and its configuration before making any changes to the registry or certificate settings.

We hope this blog post has been helpful in resolving the “Unable to load user-specified certificate” error in SQL Server. If you have any questions or need further assistance, feel free to leave a comment below.