Re: SSL on published SQL Server

From: Eliyahu Goldin (removemeegoldin_at_monarchmed.com)
Date: 01/28/04


Date: Wed, 28 Jan 2004 16:39:39 +0200

Thank you Jasper and Kevin,

Now I understand that my mistake was specifying the domain name rather than
the FQDN. Now I need to buy another certificate for the FQDN. Before doing
this, I'd like to make sure it will work in my case.

Let's say the SQL server runs on a machine called dbserver. The machine
belongs to the domain mydomain.com. When I ping the machine from itself
ping dbserver
it replies with "Pinging dbserver.ad.mydomain.com".
Question 1: Shall I assume that dbserver.ad.mydomain.com is my server's
FQDN?

Note that the name dbserver.ad.mydomain.com is unknown outside of my domain,
since the machine is sitting behind the firewall. To access it from the
Internet, I specify the external IP address assigned to the ISA server, and
the ISA server re-directs traffic to the dbserver machine via publishing.
Question 2: Kevin says I need to install the same certificate on the ISA
box. Does it mean I will have to go through the certificate request on
the ISA box, being careful to specify exactly the same parameters as for the
SQL server box, and then install the same .cer file? Or do I have to buy
another certificate for the FQDN of the ISA box?

Thank you very much for your assistance,

Eliyahu

"Kevin McDonnell [MSFT]" <kevmc@online.microsoft.com> wrote in message
news:cOq414R5DHA.2920@cpmsftngxa07.phx.gbl...
> You'll need a cert issued to the FQDN installed on the SQL Server, and the
> same cert would need to be installed on the ISA box.
> Once you put the cert on the server and enable Force Protocol Encryption
> using the Server Network Utility, the MSSQLServer service needs to be
> restarted. We only read the cert once on startup. If the server fails to
> start, there is a problem with the cert.
>
> Verify that you can make SSL connections from a client inside the firewall
> first.
>
> Thanks,
>
> Kevin McDonnell
> Microsoft Corporation
>
> This posting is provided AS IS with no warranties, and confers no rights.
>
>
>
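
Added example, not part of the original thread: a PowerShell check that a certificate in the machine store is issued to the name the server resolves itself to, which is the requirement stated in the quoted reply. The function names are hypothetical, and the private-key, validity and Server Authentication checks are general TLS server certificate checks added here as assumptions, not steps from the thread.

```powershell
# Added example; assumes PowerShell 3.0 or later, run on the SQL Server machine.
function Get-MachineFqdn {
    # The DNS name this machine resolves itself to (compare with what
    # "ping dbserver" reports in the message above).
    [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
}

function Test-ServerCertForFqdn {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Fqdn
    )
    process {
        $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
        # SimpleName returns the subject common name when the cert has one.
        $cn = $Certificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        $eku = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $now = Get-Date
        [pscustomobject]@{
            Thumbprint    = $Certificate.Thumbprint
            SubjectName   = $cn
            # A cert issued to the bare domain or short host name fails here.
            NameMatches   = ($cn -ieq $Fqdn)
            # The server cannot use a cert whose private key is not installed
            # (importing only a .cer file does not bring the key with it).
            HasPrivateKey = $Certificate.HasPrivateKey
            InValidity    = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
            ServerAuthEku = [bool]($eku -and ($eku.EnhancedKeyUsages.Value -contains $serverAuthOid))
        }
    }
}

# Evaluate every certificate in the local computer's Personal store.
$fqdn = Get-MachineFqdn
Get-ChildItem Cert:\LocalMachine\My |
    Test-ServerCertForFqdn -Fqdn $fqdn |
    Format-Table -AutoSize
```

A row with every column True is a candidate certificate; a False in NameMatches corresponds to the domain-name-versus-FQDN mistake described in the message.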


