No Private key with SSL certificate on SQL Server 2005

  • Hello all. I am trying to set up SSL encryption on my SQL Server 2005 machine in order to encrypt the data in transit between my client machines and the server. My SQL Server is running on a Windows Server 2003 Standard and my Certificate Authority is running on a Windows Server 2008 Enterprise machine. Here are the steps I follow to get this up and running.

    * Open up mmc on my machine running SQL. Add the Certificates snap-in.

    * Right click on Personal store and Request New Certificate. Get message that CA got the request

    * Go to my machine running CA, Open up certsrv, find my request in Pending Request and issue request

    * Go to Issued Certificates and open it up. Export Certificate to file.

    * Copy file over to my SQL machine.

    * Install certificate in the Personal store.

    So up to this point everything seems cool. I then go to my SQL Server Config manager and set Enforce Encryption to Yes. The problem is that the certificate is not showing up on the Certificate tab. After lots of reading I found out that the certificate seems like a valid certificate except for the fact that when I open up the Certificate from the mmc and look at the General tab I don't see the line "You have a private key that corresponds to this certificate." So it seems like somewhere along the line the private key is not getting to my machine running SQL Server.

    Additionally, whenever I request a certificate the 'Make this key exportable' option is always grayed out.

    I followed this exact same process to install a certificate on a machine running Windows Server 2008 Standard with SQL Server 2005 and everything works fine. I've tried making a new template with the option to make the key exportable selected but for some reason I cannot create a new certificate based on that template.

    Any help on this would be greatly appreciated.

    Thanks

  • I think we had a similar problem recently. I asked someone here and he said a few problems were caused by not using the fully qualified domain name; having it in the right container ... trusted root. Hope this helps.

  • I have the certificate issued to the fully qualified domain name, server.domain.com so I don't think that is the problem.

    I have the certificate in the 'Personal' store because everything I've read said to put it in there. Does it need to be in Trusted Root?

  • He told me it needed to be in the trusted root .... but get another opinion in case I'm wrong.
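
A check for the symptom described in the first post (a certificate in the Personal store with no matching private key), as an added example that is not part of the original thread. It assumes PowerShell 2.0 or later on the SQL Server machine, the Local Computer store, and `server.domain.com` as a stand-in for the server's real FQDN.

```powershell
# Added example: list each certificate in the Local Computer "Personal" store
# and the reasons it could not serve as the SQL Server SSL certificate.
$ExpectedName  = 'server.domain.com'   # assumption: the server's FQDN, as in the thread
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $problems = @()

    # The symptom from the thread: the certificate is installed, but the
    # matching private key is not on this machine.
    if (-not $cert.HasPrivateKey) {
        $problems += 'no private key on this machine'
    }

    # The subject common name should match the name clients connect to.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)
    if ($cn -ne $ExpectedName) {
        $problems += "subject CN '$cn' is not $ExpectedName"
    }

    # Validity window.
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += 'outside validity period'
    }

    # If an EKU extension is present it must include Server Authentication;
    # a certificate without the extension is not restricted by purpose.
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $oids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            if ($oids -notcontains $ServerAuthOid) {
                $problems += 'EKU lacks Server Authentication'
            }
        }
    }

    New-Object PSObject -Property @{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Problems   = ($problems -join '; ')
    }
} | Format-List Subject, Thumbprint, Problems
```

A certificate whose Problems field is empty passed all four checks; one that reports "no private key on this machine" matches the missing General-tab line described in the first post.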
