Re: SQL Server & SSL
From: John Alderson (jalderson@nospam.adelphia.net)
Date: 11/03/02
- Next message: Javier Rosas: "Change user name"
- Previous message: Ricky Artigas: "Re: Is my password visible when opening a standard user connection from visual basic?"
- In reply to: Peter Borg: "Re: SQL Server & SSL"
- Next in thread: Antonio Tirado: "Re: SQL Server & SSL"
- Reply: Antonio Tirado: "Re: SQL Server & SSL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "John Alderson" <jalderson@nospam.adelphia.net> Date: Sun, 3 Nov 2002 12:00:08 -0500
Peter & Antonio,
If you are using Windows 2000, try the Certificates Snap-In to generate the
CSR for a server cert and to retrieve/install it. The IIS wizard simply is
a wrapper on top of the lower level Protected Storage and CryptoAPI
functionality which is also available in the Certificates MMC snapin. Once
you have the cert, you'll then have to worry about which context to install
it to - depending on which context you are running your SQL Server as. The
best way security-wise is as a non-administrative level user account.
You'll need to make the cert available to this user (or whatever user) by
installing it into their personal store. The cert can be available via
multiple store locations I believe. You can also grant access to various
store locations with the winhttpcertconfig utility available with the
WinHTTP SDK and now I believe the Platform SDK. Might also be part of the
MSXML 4.0 SDK.
Good luck,
John Alderson
"Peter Borg" <peter@grouptech.com> wrote in message
news:1b5701c280fa$da88e860$37ef2ecf@TKMSFTNGXA13...
> Sue,
>
> I too am searching for a solution to this issue - I posted
> the "how to generate a CSR from SQL" post yesterday. The
> two articles you reference in you response to Antonio only
> work if you are running a certificate server on your
> internal network. I am trying to use a Verisign
> certificate and need SQL to generate a CSR (Certificate
> Signing Request). Are you aware of how to do this when the
> certificate authority is a third-party vendor? The best
> option I have found is to install IIS on the SQL Server,
> use IIS to generate the CSR, and then uninstall IIS. This
> method will allow for the correct fully qualified domain
> name on the certificate. However, I am hoping for a
> cleaner solution.
>
> Thanks in advance for any help you can provide.
>
> Peter
> >-----Original Message-----
> >Are these certificates the same you use for your web
> >servers? Do you know if Verisign issues SSL certs for SQL
> >Server?
> >
> >
> >
> >
> >>-----Original Message-----
> >>A couple you may want to read:
> >>HOW TO: Enable SSL Encryption for SQL Server 2000 with
> >>Certificate Server
> >>http://support.microsoft.com/?scid=kb;en-us;Q276553
> >>
> >>HOW TO: Enable SSL Encryption for SQL Server 2000 with
> >>Microsoft Management Console
> >>http://support.microsoft.com/default.aspx?scid=kb;en-
> >us;Q316898
> >>
> >>-Sue
> >>
> >>On Wed, 30 Oct 2002 07:25:59 -0800, "Antonio Tirado"
> >><atirado@vepica.com> wrote:
> >>
> >>>Hi! I'm trying to install a SSL certificate for my SQL
> >>>Server, to provide a secure DB over the internet to
> >>>customers outside the building. Is there any link
> >>>available that would describe the process just like the
> >>>one that does it for IIS?}
> >>>
> >>>
> >>>Thanks in advance.
> >>>
> >>
> >>.
> >>
> >.
> >
- Next message: Javier Rosas: "Change user name"
- Previous message: Ricky Artigas: "Re: Is my password visible when opening a standard user connection from visual basic?"
- In reply to: Peter Borg: "Re: SQL Server & SSL"
- Next in thread: Antonio Tirado: "Re: SQL Server & SSL"
- Reply: Antonio Tirado: "Re: SQL Server & SSL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
