  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 974

How to request certificate for using SQL Server SSL from standalone CA

I would like to test implementing SSL on SQL Server 2005. I have issued the certificate from a standalone CA on Windows 2008 that is used for issuing test certificates. The issued certificate has the following details:

Version: V3
Issuer: ca-servername-ca
Valid from: Thursday, September 20, 2012
Valid to: Friday, September 21, 2013
Subject: sql-server-name-FQDN
Public key: RSA (1024 Bits)
Enhanced Key: Server Authentication (1.3.6.5.5.7.3.1)
Key Usage: Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment (f0)

I installed this certificate on Windows 2003 in "Computer account" under the "Personal" folder. I tested this certificate by opening it. The General tab shows a red cross mark (X) and the message "The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered".

I opened the properties of the instance's protocols in SQL Server Configuration Manager; it doesn't show the certificate in the certificate dropdown list.

Please advise what is wrong with this certificate.

Thanks
Asked by: ladapa

1 Solution

dave_tiller Commented:
It sounds like either a bad certificate or that it was incorrectly imported.  The server does not recognize it as a valid certificate.  Please refer to the following:

To generate the certificate:
http://blogs.msdn.com/b/karthick_pk/archive/2010/11/18/configuring-ssl-for-sql-server-using-microsoft-certificate-authority-server.aspx

To configure SQL for SSL:
http://msdn.microsoft.com/en-us/library/ms191192.aspx

I hope this helps.
 
ladapa (Author) Commented:
Thank you for your answer. Your information is helpful.

Now I can issue an unbroken certificate and install it on the Windows 2003 server with my computer account. I can see the installed certificate in SQL Server Configuration Manager, and I accept that certificate. But I got another problem: I could not start the SQL instance service if the service logs on with a Local User Account; it can be started if the service logs on with the Local System Account.

Question:
How do I grant privilege for the Local User Account to access the certificate?

I got these messages in the event log when the service fails to start.

1. "Unable to load user-certificate. The server will not accept a connection. ......." Event ID 26014

2. "TDSSNIClient initialization failed with error 0x80092004, status 0x80." Event ID 17182

Note that the Local User Account is a member of the Administrator group.
 
dave_tiller Commented:
You may want to start the SQL Server service using a domain account, rather than a local account.  This will allow for centralized management as well as access to network resources if needed.  Also, please verify that the VIA protocol is disabled.  That is a hardware protocol that hardly anyone uses anymore.  VIA is very buggy.
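
The two symptoms in this thread (certificate missing from the dropdown, then the service failing to load it under a non-system account) can be checked from the server itself. The script below is an added example, not code posted by anyone in the thread: it reads each certificate in the computer "Personal" store and reports the properties listed in the question plus which accounts may read the private key file. It assumes PowerShell is installed on the server and that the key is held by a legacy RSA CSP (not CNG).

```powershell
# Added example: read-only checks on the computer "Personal" certificate store.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$read = [System.Security.AccessControl.FileSystemRights]::Read
# All Users application data folder; resolves correctly on Windows 2003 and later.
$keyDir = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'Microsoft\Crypto\RSA\MachineKeys'

foreach ($cert in (Get-ChildItem Cert:\LocalMachine\My)) {
    # Enhanced Key Usage OIDs carried by the certificate
    $eku = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $eku += $oid.Value }
        }
    }

    # Build the chain without revocation lookups; a bad signature or an
    # untrusted issuing CA is reported in ChainStatus.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    # Locate the private key file and list the accounts allowed to read it.
    $readers = 'no private key'
    if ($cert.HasPrivateKey) {
        try {
            $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
            $acl  = Get-Acl (Join-Path $keyDir $name) -ErrorAction Stop
            $readers = ($acl.Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $read) -eq $read
            } | ForEach-Object { $_.IdentityReference.Value }) -join '; '
        } catch { $readers = "unreadable: $($_.Exception.Message)" }
    }

    $cn = $cert.GetNameInfo('SimpleName', $false)
    New-Object PSObject -Property @{
        Subject            = $cn
        SubjectMatchesHost = ($cn -eq $fqdn) -or ($cn -eq $env:COMPUTERNAME)
        WithinValidity     = ((Get-Date) -ge $cert.NotBefore) -and ((Get-Date) -le $cert.NotAfter)
        ServerAuthEku      = $eku -contains $serverAuthOid
        HasPrivateKey      = $cert.HasPrivateKey
        ChainBuilds        = $chainOk
        ChainStatus        = $status
        KeyFileReaders     = $readers
    }
}
```

Compare `KeyFileReaders` against the account the SQL Server service logs on as (and the groups it belongs to); the script only reports and changes nothing.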