SSL in SQL 2000 A/P Cluster | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

SSL in SQL 2000 A/P Cluster

Hi all,
Want to install a SSL cert on a SQL 2000 (SP4).
Followed the instructions on:
http://www.mcse.ms/archive84-2004-8-962548.html
(The only exeption, I added a email addr. in the request) What I did:
– created request file (with exportable keys) with CertReq.exe
– added the cert as MSSQLServer Service user in cert. store
– exported the cert (and key) and inserted in the second node
– added the thumbprint to the registry
– restarted mssqlservice and tested to move the nodes -> OK I’m now not able to test the SSL communication by enabling the client side "force encryption"
I get "SSL Security error" on the client. Any kick in the right direction is highly appreciated!
TIA
Dan Ackermann
The last post here might help:
http://groups.google.com/group/micr…read/thread/8bcccbed8d27a1a9/768c7c46f12a661e And this:
How SQL Server uses a certificate when the Force Protocol Encryption option is turned on
http://support.microsoft.com/kb/318605 Basically if you want to force SSL for all clients you do it on server level, if you want to force it for individual clients you need to copy the certificate to that client.
Hi all,
The problem was that our CA could not issue two certificatas (2 nodes) for the same FQDN. (Don’t know if this is possible with other (Microsoft) CA’s).
I had to install the same certificate on both nodes. That’s how I did it:
– reqest the certificate on one node (request needs to be formulated with exportable keys and that’s only possible with the utility CertReq.exe)
– install the certificate on one node
– export the certificate (with keys)
– and import it on the 2nd node. Detailed description could be found here:
http://www.mcse.ms/archive84-2004-8-962548.html
]]>