locked
Listening to multiple ports on Clustered environment with SSL RRS feed

  • Question

  • I have SQL 2012 clustered environment with SSL enabled with some port. Now I need to open new port with unencrypted traffic for one particular client. When I bind the certificate to DB server is there any option to select port?  Are there any complications if the environment is SQL 2012 clustered with 3 nodes?

    TIA for all the support.


    .*´¨) ¸.·´¸.·´¨) ¸.·*¨) (¸.·´ (¸.·´ .·´ (´¸.·* *·.¸.´¯`> Krunal



    • Edited by Krunal Mehta Thursday, February 1, 2018 11:36 AM updated
    Thursday, February 1, 2018 11:34 AM

All replies

  • Hi Krunal Mehta,

    We are currently looking into this issue and will give you an update as soon as possible. Thank you for your understanding and support.

    Best Regards,

    Teige


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, February 6, 2018 2:21 AM
  • Hi Krunal Mehta,

    Based on our researching, we can configure multiple ports for SQL Server, but we can not apply one port for a particular client connection. This feature may be achieved modifying SQL configure file code, but it is not a supported operation.

    >>How to bind the certificate to DB server with one port

    Use the HttpCfg.exe tool in "set" mode on the Secure Sockets Layer (SSL) store to bind the certificate to a port number. The tool uses the thumbprint to identify the certificate, as shown in the following example.

    httpcfg set ssl -i 0.0.0.0:8012 -h 0000000000003ed9cd0c315bbb6dc1c08da5e6  

    The -i switch has the syntax of IP:port and instructs the tool to set the certificate to port 8012 of the computer. Optionally, the four zeroes that precede the number can also be replaced by the actual IP address of the computer. 
    The -h switch specifies the thumbprint of the certificate. 

    For more information, please refer to the article about ‘How to: Configure a Port with an SSL Certificate’
    https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate

    Best Regards,

    Teige


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Proposed as answer by Teige Gao Monday, February 26, 2018 2:33 AM
    Monday, February 12, 2018 8:39 AM