January 26, 2015 at 5:36 pm
Perhaps I already have the answer to this question but I just need to make sure I'm not "wasting certificates".
The shortest version: is it possible to share a valid SSL Certificate between SQL and RDS on a 2008 R2 Server?
The certificate meets all the criteria for validity. It is FQDN, Internal CA, Root certificate in the Trusted Enterprise Root, Service Account has Permissions to the Certificate. The server certificate is in the Local Machine\Personal Store. Private key was exported with Certificate. The server is in a domain, primary suffix is configured. Basically validated all the rules relative to using SQL Encryption. And technically, it does work... except when attempting to use the same certificate for RDS Encryption. There is no port clashing from a TCP port usage perspective relative to the encryption. Perhaps what I'm attempting is not possible. But then, what is possible?
Just adding the certificate, it shows up for both SQL Connection Manager and Remote Desktop Connection Manager. The moment I bind it to RDP for encryption, it does not show up in SQL Connection Manager. If I unbind it, I can bind to SQL Connection Manager.
The issue I have is I would like to use SERVERNAME.MYDOMAIN.COM for proper SSL etiquette versus say SHORTNAME for RDP and FQDN for SQL.
I've used Subject Alternative Names with a single certificate in the past for binding to multiple SQL Servers but here I'm just attempting to use the proper name FQDN (FQDN equals the AD Domain). Each domain has a root CA for issuing private certificates.
The only way it will work, to my present knowledge, is issuing one certificate with Common Name of SHORTNAME and another with Common Name of "SHORTNAME.MYDOMAIN.COM" FQDN.
This will work but would this be considered "bad SSL" practice?
It goes against the rules of SSL relative to FQDN but on the other hand I'm just using it for Internal RDP Encryption?
I've reviewed multiple articles but nothing addressing this specific issue unless it is not an issue and just by design.
Any suggestions or options welcomed. What have you done perhaps?
Everything is correct per these reference articles:
How To Use SQL Server Over SSL? How To Encrypt SQL Server Connection?
http://www.sqlservermart.com/HowTo/MSSQL_Over_SSL.aspx
Remote Desktop Services Uses the wrong Certificate
Configuring Certificate for Use by SSL
https://msdn.microsoft.com/en-us/library/ms186362(v=sql.105).aspx
Certificate drop down menu empty when trying to select SSL certificate to enable SQL Server 2008 client encryption - SPANDERS.COM
http://www.spanders.com/sql-encryption/
Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager)
https://technet.microsoft.com/en-us/library/ms191192.aspx
How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
https://support.microsoft.com/kb/316898/EN-US?wa=wsignin1.0
remote desktop - Install Certificate in RDP-TCP properties - Server Fault
http://serverfault.com/questions/201451/install-certificate-in-rdp-tcp-properties
problem recognizing an ssl certificate for sql server 2008 r2 - Spiceworks
How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
http://support.microsoft.com/kb/316898
Encrypting Connections to SQL Server
https://msdn.microsoft.com/en-us/library/ms189067.aspx
Building a 2008 R2 RDS Load Balanced Farm with RD Connection Broker » Adrian Costea's blog
http://www.vkernel.ro/blog/building-a-2008-r2-rds-load-balanced-farm-with-rd-connection-broker
Request and install SSL Certificates in Microsoft IIS 7/8 » Adrian Costea's blog
http://www.vkernel.ro/blog/request-and-install-ssl-certificates-in-microsoft-iis-78
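A read-only check of the criteria listed in the post, showing for each certificate in Local Machine\Personal whether SQL Server or the RDP listener currently points at its thumbprint. This is an added example, not part of the original post; it assumes a default SQL Server 2008 R2 instance (registry ID `MSSQL10_50.MSSQLSERVER`) and the default `RDP-Tcp` listener.

```powershell
# Added example, read-only. Assumptions (not from the post): default instance
# registry ID MSSQL10_50.MSSQLSERVER and the default RDP-Tcp listener.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Thumbprint SQL Server is configured to use (empty when none is selected).
$sqlKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQLServer\SuperSocketNetLib'
$sqlThumb = (Get-ItemProperty -Path $sqlKey).Certificate

# Thumbprint bound to the RDP listener.
$rdp = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$rdpThumb = $rdp.SSLCertificateSHA1Hash

$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$now = Get-Date

$report = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $cn = $cert.GetNameInfo('SimpleName', $false)

    # Collect EKU OIDs; a certificate with no EKU extension is valid for all purposes.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $ekuOk = (-not $eku) -or ($ekuOids -contains $serverAuth)

    New-Object PSObject -Property @{
        Subject       = $cn
        Thumbprint    = $cert.Thumbprint
        CnMatchesFqdn = ($cn -eq $fqdn)            # SQL Server expects CN = FQDN
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        ServerAuthEku = $ekuOk
        BoundToSql    = ($sqlThumb -and ($cert.Thumbprint -eq $sqlThumb))
        BoundToRdp    = ($rdpThumb -and ($cert.Thumbprint -eq $rdpThumb))
    }
}

$report | Format-Table Subject, CnMatchesFqdn, HasPrivateKey, InValidity, ServerAuthEku, BoundToSql, BoundToRdp, Thumbprint -AutoSize
```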