Microsoft introduced a new high-availability and disaster-recovery feature called AlwaysOn that replaces the previous Database Mirroring.
As of Secret Server 8.5.000000, Secret Server is fully compatible with AlwaysOn and with SSL connections to the database.
When using AlwaysOn, it is recommended to enable the multi-subnet failover setting (shown below) when configuring the database connection to point to the listener.
For previous versions of Secret Server, 8.4.000004 and lower, there are limitations to supporting AlwaysOn with SSL connections to the database. The .NET Framework 3.5 does not support Subject Alternative Names in certificates when connecting to the database. In most cases, SSL database certificates are set up so that the Common Name of the certificate is the fully qualified domain name, and a Subject Alternative Name is added for each of the AlwaysOn listener endpoints.
Due to this limitation in the .NET Framework 3.5, these versions of Secret Server cannot use AlwaysOn and database SSL connections at the same time. If attempted, you will receive an error like this:
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value.)
It is recommended to upgrade to the latest version to use Database SSL with AlwaysOn.
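
The limitation described above can be seen in a simplified model, added here as an example (it is not Secret Server or .NET code): it compares a CN-only name check with a SAN-aware one for a certificate laid out as the article describes. The host names, the certificate contents and the rule that a SAN-aware client accepts either the CN or a SAN entry are assumptions made for the illustration.

```python
# Added example: simplified model of server-name checks against a certificate.
# All host names and the certificate contents below are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive DNS comparison; '*' may only be the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        head, _, tail = h.partition(".")   # wildcard covers exactly one label
        return bool(head) and tail == p[2:]
    return False

def cn_only_ok(cert: dict, host: str) -> bool:
    """Legacy behaviour as the article describes it: only the Common Name is compared."""
    return name_matches(cert["cn"], host)

def san_aware_ok(cert: dict, host: str) -> bool:
    """Assumption: a SAN-aware client accepts the CN or any SAN dNSName entry."""
    return cn_only_ok(cert, host) or any(name_matches(s, host) for s in cert.get("san", []))

def blocked_on_legacy(cert: dict, endpoints: list) -> list:
    """Endpoints covered by a SAN entry only, so a CN-only client rejects them."""
    return [e for e in endpoints if san_aware_ok(cert, e) and not cn_only_ok(cert, e)]

# Constructed certificate: CN is the node FQDN, SANs are the listener names.
SAMPLE_CERT = {"cn": "sqlnode1.corp.example",
               "san": ["ss-listener.corp.example", "ss-listener"]}
# Constructed names a database connection might point at.
SAMPLE_ENDPOINTS = ["sqlnode1.corp.example", "ss-listener.corp.example",
                    "SS-LISTENER", "other.corp.example"]

if __name__ == "__main__":
    for e in SAMPLE_ENDPOINTS:
        print(f"{e:28} cn-only={cn_only_ok(SAMPLE_CERT, e)!s:5} "
              f"san-aware={san_aware_ok(SAMPLE_CERT, e)}")
    print("fails only on CN-only clients:",
          blocked_on_legacy(SAMPLE_CERT, SAMPLE_ENDPOINTS))
```

In this model, the names returned by `blocked_on_legacy` are the listener endpoints for which a CN-only client would report that the certificate's CN does not match the passed value.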