locked
CERTIFICATE: How do you use START_DATE, EXPIRY_DATE, SUBJECT, etc RRS feed

  • Question

  • when i create a Certificate with all this information (START_DATE, EXPIRY_DATE, SUBJECT, etc), how do i use it? 
    Any example using this information?

    Because, i created a certificate with expire_date, and after this date, all is working like allways (i could insert, encrypt, decrypt, etc), i supouse (maybe is may error) automaticaly SQLServer Certificate expire and anyone can use it (with message error)... just figure out...

    Or it information is used only with custom code and the certificate just store it for me and validate manually...

    Thanks for your comments.
    Tuesday, September 9, 2008 5:30 PM

Answers

  •  Some of the metadata for encryption objects in SQL Server 2005 (such as certificate expiration date, subject, etc.) was designed mainly for information purposes and to be used as a platform that developers could use when writing code.

     

      As you correctly suggested, it would be the responsibility of custom code to decide whether to verify and or just ignore them.

     

      Thanks,

    -Raul Garcia

      SDE/T

      SQL Server Engine

     

    Tuesday, September 9, 2008 6:21 PM
  • There are components that use certificates like Database Mirroring or Service Broker that actually look at those values and will refuse to use a certificate expired or not yet valid.
    Tuesday, September 9, 2008 6:26 PM

All replies

  •  Some of the metadata for encryption objects in SQL Server 2005 (such as certificate expiration date, subject, etc.) was designed mainly for information purposes and to be used as a platform that developers could use when writing code.

     

      As you correctly suggested, it would be the responsibility of custom code to decide whether to verify and or just ignore them.

     

      Thanks,

    -Raul Garcia

      SDE/T

      SQL Server Engine

     

    Tuesday, September 9, 2008 6:21 PM
  • There are components that use certificates like Database Mirroring or Service Broker that actually look at those values and will refuse to use a certificate expired or not yet valid.
    Tuesday, September 9, 2008 6:26 PM
  • Thanks Raul and Remus... it is all i need to know.

     

     

     

    Tuesday, September 9, 2008 8:02 PM