hqdev
asked on
Adding self signed certificate to trusted CA
Hi,
We have to use SSL for a internal website for SQL synchronization.
We have a local CA server were I issued a certificate to that web server.
When we browse to that server using SSL, our issuer is not trusted, so I'm trying to add it to the trusted CA of the browser, the import is OK, but I never see the certificate or my issuer in my trusted CA list.
Then if I browse again to that site, I still get the message that my issuer is not trusted.
Is there a way to add our issuer to the trusted CA of our browsers?
I've tried whith IE6 and IE7, those are the only allowed browsers in our organisation.
I need it to be trusted because the SQL sync agent fail to do is job because of that message.
Thanks
We have to use SSL for a internal website for SQL synchronization.
We have a local CA server were I issued a certificate to that web server.
When we browse to that server using SSL, our issuer is not trusted, so I'm trying to add it to the trusted CA of the browser, the import is OK, but I never see the certificate or my issuer in my trusted CA list.
Then if I browse again to that site, I still get the message that my issuer is not trusted.
Is there a way to add our issuer to the trusted CA of our browsers?
I've tried whith IE6 and IE7, those are the only allowed browsers in our organisation.
I need it to be trusted because the SQL sync agent fail to do is job because of that message.
Thanks
ASKER
I've already tried that with no success!
The certificate appears in the snap-in but if I go to the Internet options of the browser, I don't see it and I get the message if I try to browse to the diag link.
The certificate appears in the snap-in but if I go to the Internet options of the browser, I don't see it and I get the message if I try to browse to the diag link.
Try:
Start -> run mmc
Add snpin certificate. Select SERVICE
Find the service that runs the sql server (e.g. administrator or localsystem or other. See in services)
Select the right store and import the certificate
Start -> run mmc
Add snpin certificate. Select SERVICE
Find the service that runs the sql server (e.g. administrator or localsystem or other. See in services)
Select the right store and import the certificate
ASKER
The SQL service is run by "Network service".
If I look in the "Certificate - Service" area I find my issuer and my certificate everywhere.
I still get that error and no sign of the certificate through internet options!
If I look in the "Certificate - Service" area I find my issuer and my certificate everywhere.
I still get that error and no sign of the certificate through internet options!
Try to browse the site with the administrator account on the sql server and see if it tells you that the certificate is invalid. Try to install certificate in IE by administrator.
If you manage to browse the site without certificate issue reconfig sql server to use administrator account to start and check if so replication will occour.
If you manage to browse the site without certificate issue reconfig sql server to use administrator account to start and check if so replication will occour.
ASKER
I'm using the same account for all and it's admin on the 3 servers and on the station were I browse.
You should try what i asked. Go to sql server. Logon as administrator. Open IE. Browse the site and tell me if there are certificate problems.
ASKER
OK I did it and I don't have the certificate error on the SQL server.
Well. Problem solved, than!
Now as i told before:
If you manage to browse the site without certificate issue reconfig sql server to use administrator account to start and check if so replication will occour.
Now as i told before:
If you manage to browse the site without certificate issue reconfig sql server to use administrator account to start and check if so replication will occour.
ASKER
I reconfigured the SQL services with the same account I used to log on the SQL server (wich was the account I used everywhere) were I got no certificate error, but I still got that sync error!
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Good. Happy for you.
Start -> run mmc
Add snpin certificate. Select local computer.
Select the right store and import the certificate