Re: ssl renewal questions
From: Jasper Smith (jasper_smith9@hotmail.com)
Date: 04/17/03
- Next message: mike singer: "Re: ssl renewal questions"
- Previous message: Jose Branco: "suspect database"
- In reply to: mike singer: "Re: ssl renewal questions"
- Next in thread: mike singer: "Re: ssl renewal questions"
- Reply: mike singer: "Re: ssl renewal questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jasper Smith" <jasper_smith9@hotmail.com> Date: Thu, 17 Apr 2003 22:19:59 +0100
Just on the server which I guess explains the clients being able to
connect but it should stop the SQL Service restarting because
the certificate is invalid (I was forcing encryption on the server)
I will try it with the client date changed as well and see what effect
that has
-- HTH Jasper Smith (SQL Server MVP) I support PASS - the definitive, global community for SQL Server professionals - http://www.sqlpass.org "mike singer" <nospam_zookeeper@wwwhr.com> wrote in message news:uoAYQoQBDHA.208@TK2MSFTNGP10.phx.gbl... > Thanks Jasper. That makes me a little more comfortable in deploying. > Question: when you changed the dates, did you do so on both the client and > the server? > > > "Jasper Smith" <jasper_smith9@hotmail.com> wrote in message > news:eUQJ9dPBDHA.1820@TK2MSFTNGP12.phx.gbl... > > It seems to not care as far as I can see. If i forward the clock > > a year on a test server and check the certificate using the > > certificates mmc snap-in, the certificate shows up as expired > > but connections continue to be encrypted and restarts of sql > > service are fine. Unless it knows I'm messing with the clock it > > doesn't seem to care if the certificate has expired. You don't > > seem to have to restart SQL to use a new certificate - after > > i changed the clock and the first certificate expired I requested > > and installed a new one and then deleted the old one - all while > > SQL was still running. Connections seemed unaffected and were > > still encrypted (checked with sniffer). It seems odd it doesn't care > > about the dates though. > > > > -- > > HTH > > > > Jasper Smith (SQL Server MVP) > > > > I support PASS - the definitive, global > > community for SQL Server professionals - > > http://www.sqlpass.org > > > > "mike singer" <nospam_mikes@wwwhr.com> wrote in message > > news:#QuS2tGBDHA.3380@TK2MSFTNGP11.phx.gbl... > > > I've just started playing around w/ SSL on sql connections and have > gotten > > > the basics working after installing certificate services. > > > > > > IIS requires no downtime to renew certs and has menu driven renewal > > options. > > > I can't seem to find any such menus for SQL. Is there an easy process > to > > > renew a cert or do you just request a new cert w/ the same name? Also > it > > > appears that I had to stop and restart the sql process to get certs > > > working. Will I need to do that for the renewal process as well? > > > > > > A more fundamental question. If a cert expires, do subsequent > connections > > > to the server fail? > > > > > > I want to take the step in making this our standard config, but I am > > afraid > > > that there might be a risk that the whole enterprise comes crumbling > down > > if > > > we don't closely watch for expirations. > > > > > > > > > > > > > > >
- Next message: mike singer: "Re: ssl renewal questions"
- Previous message: Jose Branco: "suspect database"
- In reply to: mike singer: "Re: ssl renewal questions"
- Next in thread: mike singer: "Re: ssl renewal questions"
- Reply: mike singer: "Re: ssl renewal questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
