locked
SSL on SQL Server 2008 R2 Cluster RRS feed

  • Question

  • Hi,

    I have a 2 node cluster with the name MSCx.mySubDomain.myDomain.com

    I used this name in the name and DNS fields to request a costume certificate as mentioned in the link below

    http://blogs.msdn.com/b/jorgepc/archive/2008/02/19/enabling-certificates-for-ssl-connection-on-sql-server-2005-clustered-installation.aspx

    But when I want to use the certificate:

    1. In one of the nodes I can not see the Certificate folder under Personal folder in Certificate snap-in.

    2. After importing the certificate it does not show up in the certificate list of the Protocols for MSSQLSERVER Prpperties window.


    Saturday, June 28, 2014 7:03 AM

All replies

  • have you followed these procedures for enabling certificates.. pls check the below link 

    http://social.msdn.microsoft.com/Forums/en-US/852b4e46-2a8a-4364-8982-11f884dbfa10/how-do-i-enable-ssl-encryption-for-an-instance-of-sql-server-on-a-sql-cluster-server-os-2008-r2?forum=sqlgetstarted

     

    Raju Rasagounder Sr MSSQL DBA

    Saturday, June 28, 2014 7:16 AM
  • Yes,

    But does not solve my problem.Here is a snapshut of my cluster.As you see I have marked the FQDN.I used this name and typed that in both CN and DNS fiels.


    Saturday, June 28, 2014 7:56 AM
  • This looks like a this is configuration error, we are missing something at enabling and configuration level.. please verify using below links

    http://support.microsoft.com/kb/316898/en-gb

    http://blogs.technet.com/b/mbaher/archive/2006/12/16/enabling-ssl-in-sql-2005-cluster.aspx

    http://blogs.technet.com/b/mscom/archive/2007/05/30/how-to-get-sql-to-accept-the-cert-or-a-day-or-two-in-the-life-of-an-mscom-debug-engineer-part-2.aspx


    Raju Rasagounder Sr MSSQL DBA


    • Edited by RAJU RG Saturday, June 28, 2014 11:13 PM
    Saturday, June 28, 2014 11:12 PM
  • Hi,

    I have read all those links,but no luck! I would like to explain the problem again:

    I have a 2 node cluster with Cluster Name MSCx.mySubDomain.myDomain.com and

    VirtualServerName sqlFailoverIns.

    1. I requested a certificate from one of them.CN and DNS = sqlFailoverIns.mySubDomain.myDomain.com

    2. The request Issued by a valid CA. They sent me a .cer file.

    3. I imported the file in both nodes. I copied the Thumbprint ,omitted the spaces and set the certificate value of the registry to that.

    4. At the end I restarted the service,But the certificate did not load :(

    Here is the content of ERRORLOG

    2014-07-01 11:08:51.20 Server      A self-generated certificate was successfully loaded for encryption.


    Wednesday, July 2, 2014 8:49 AM
  • Hi,

    The possible cause of the certificate does not appear in the Certificate list on the Certificate tab is that the installed certificate may be invalid.

    As the description, the certificate can’t be even seen under certificate folder under Personal folder in Certificate snap-in. due this we cannot check if the certificate is invalid or not.

    I suspect if the certificate has been installed properly. You may follow the below article to re-install the certificate and check the result:

    How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console

    http://support.microsoft.com/kb/316898

    Hope it helps.


    Tracy Cai
    TechNet Community Support

    Thursday, July 3, 2014 9:02 AM
  • Hi,

    I have already studied this link too.But still no luck

    :(

    Saturday, July 5, 2014 4:28 AM