Re: Certificate Requirements for SQL Data Encryption

Hi Logiodice,
Thank you for your email response.

Your certificate also did not work at my side. Anyway I did not put much
time on this error.

I read your steps at the newsgroup, however I would like to know why you
used such a complex step to get the certificate and the private key (.pvk).
Since you are using Microsoft Enterprise CA, you can simply acquire a
certificate via accessing http://your_CA_server/certsrv and taking the
following steps:
1. Click the link "Request a certificate";
2. Click "Or, submit an advanced certificate request";
3. Click "Create and submit a request to this CA";
4. Select your Certificate Template issued in your CA, check "Create new
key set", check "Mark keys as exportable" and check "Export keys to file",
and input the path to save the private key file, check "Store certificate
in the local computer store", input a Friendly Name and click Submit
5. Input the password during generating the certificate process, after the
step, the private key file was created and then you can download the
certificate by clicking "Download certificate".
6. Then you can create the certificate in your SQL Server 2005 with the
T-SQL statement as you showed.

In addition, there are some different settings on Certificate template
between yours and mine. Please refer to the following:
1. On Extensions tab, I added "Client Authentication" and "Server
Authentication" to the Application policy list; For Key Usage, I check
"Allow encryption for user data";
2. On Security tab, I give "Read", "Write" and "Enroll" permissions to
Domain Users group.

Could you please check if my steps worked for you? Please feel free to let
me know if you have any questions or concerns.



Best regards,
Charles Wang
Microsoft Online Community Support
=========================================================
Delighting our customers is our #1 priority. We welcome your
comments and suggestions about how we can improve the
support we provide to you. Please feel free to let my manager
know what you think of the level of service provided. You can
send feedback directly to my manager at: msdnmg@xxxxxxxxxxxxxx
=========================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
=========================================================

.

Relevant Pages

  • RE: SIMple SSL question ??
    ... I believe your book is instructing you to keep the private key secure. ... you use the certificate request wizard in IIS to install the cert after it's ... the certificate that's just been installed. ... If an attacker retrievs the SSL certificate, ...
    (microsoft.public.dotnet.security)
  • RE: SIMple SSL question ??
    ... I believe your book is instructing you to keep the private key secure. ... you use the certificate request wizard in IIS to install the cert after it's ... the certificate that's just been installed. ... If an attacker retrievs the SSL certificate, ...
    (microsoft.public.dotnet.security)
  • Re: Certificates, Keys, Mobile Users, Intended Usage
    ... Option that you think about uses self signed EFS certificates. ... Better then exporting user's private key as backup is to setup DRA (Data ... there is no EFS certificate and it will generate a new one. ... Mobile computer users benefit from encrypting sensitive ...
    (microsoft.public.win2000.security)
  • Re: PFXExportCertStoreEx
    ... which contains the actual PFX and write that to the disk. ... methods to export certificate + private key from the IE store. ...
    (microsoft.public.platformsdk.security)
  • Re: EFS On Drive Works With >1 Computer?
    ... >I just went to Help and Support Center to see if it says anything. ... > agent's private key and certificate, ... > certificate, decrypting the file or folder, and then deleting the imported ... Try to decrypt it on a computer that is not and has ...
    (microsoft.public.windowsxp.security_admin)