I am trying to set up an encrypted connection between a
- MS SQL server running on Windows 2008R2
- Amazon Web Server running NGINX
but I have hit some road blocks.
I have found that the SQL service will not start unless the certificate in use has been issued to the name of the server, which is unfortunate as the server FQDN is a .local domain, i.e. there is no option to obtain a trusted certificate that would contain a .local FQDN name as well. The only way to issue such a certificate is a local CA, but then such a certificate wouldn’t be trusted externally.
On a Windows-based server, there are ways to “hack” the system to get it to work (add the FQDN of the local server name with the public IP address, so that the server name can be resolved; add the local CA certificate to the trusted CAs list on the web server, so that it trusts the certificates issued by it). But unfortunately, I am not sure if we have such options in AWS.
I was wondering if anyone has ever faced such a scenario, and if you found any way to make it work?