SSL Certificate Request Properties

    Question

  • Guys, I need some help filling out an SSL certificate request in the Windows Certificates snap-in.  I need a basic SSL cert to encrypt SQL Server data in motion on a standalone SQL server in a domain.  Need help filling out the Subject Name and Alternate Name properties.  I already have a procedure that I've used for cert requests for an AlwaysOn Availability Group cluster.  In that case, I fill out the request as follows:

    Personal Store
    Create Custom Request
    Proceed without enrollment policy
    Template = CA Exchange
    Format = PKCS #10
    Subject name: Type =  Common Name, Value = <FQDN of the cluster node>
    Alternate name: Type = DNS, Value = <FQDN of the AG listener>
    etc.

    But for a standalone SQL server, what should the Common Name and DNS Name be?


    Subject name: Type =  Common Name, Value = <?>
    Alternate name: Type = DNS, Value = <?>


    Should both be the FQDN, or should one or the other just be the NetBIOS host name?

    Thanks.


    Thursday, 14 June 2018 15:13

All Replies

  • Hi,

    Sorry for the delay.

    We are currently looking into your question and will give you an update as soon as possible.

    Thank you for your understanding and support.

    Thanks,
    Xi Jin.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, 19 June 2018 02:51
    Moderator
  • Hi,

    In your scenario, you want to request an SSL certificate for a standalone SQL Server, and you want to know what content should be added to the alternative name. If anything is misunderstood, please feel free to let me know.

    Based on the research, for a standalone SQL Server, Subject Name: Type = Common name, Value = node FQDN. Common name is a type, not a real name. And in the alternative name, keep it null. Please refer to the following detailed steps (step 4).

    1. Create a new certificate template in AD
    ==================================
    Copy the “Workstation Authentication” template.

    Change to “Server Authentication”.

    Add this template here

    2. Begin to request certificate
    ===============================
    1) Request certificate

    2) Choose “Active Directory Enrollment Policy”.

    3) You can see “copy of Workstation Authentication” here. Click the link

    4) Configure “subject”. AGNODE2.contoso.com is the server name FQDN

    5) Check the “Extensions --- Key usage” is “Server Authentication”.





    Wednesday, 20 June 2018 03:31
    Moderator
  • 6) Check “Private Key ---- Key type” is “exchange”

    Click OK, the certificate is enrolled on node01 now.

    7) Make sure SQL Service account has been added into Local Admin group.

    8) Open SQL configuration manager. Choose this certificate. Click OK

    Force Encryption choose Yes

    Thanks,
    Xi Jin.


    • Marked as answer by District9 Monday, 25 June 2018 20:24
    Wednesday, 20 June 2018 03:33
    Moderator
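
A way to check an enrolled certificate against the properties named in the steps above (Common Name equal to the server FQDN, empty alternative name, Server Authentication, key type Exchange), as an added example that is not part of the original thread. The function name `Test-SqlTlsCertificate` is hypothetical, and the script assumes the certificate sits in the local computer's Personal store and that DNS resolves the computer name to its FQDN.

```powershell
# Added example, not from the thread. Run elevated on the SQL Server host.
function Test-SqlTlsCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$ExpectedName
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
    $sanOid        = '2.5.29.17'           # Subject Alternative Name

    # SimpleName returns the CN when the subject has one.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $Certificate.GetNameInfo($nameType, $false)

    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }

    # Key type (Exchange/Signature) is only exposed for legacy CSP keys;
    # CNG keys throw or return nothing here, so the value stays 'Unknown'.
    $keyType = 'Unknown'
    try {
        $info = $Certificate.PrivateKey.CspKeyContainerInfo
        if ($info) { $keyType = [string]$info.KeyNumber }
    } catch { }

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint     = $Certificate.Thumbprint
        CommonName     = $cn
        CnMatchesFqdn  = $cn -eq $ExpectedName      # string -eq ignores case
        SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
        ServerAuthEku  = $ekuOids -contains $serverAuthOid
        HasPrivateKey  = $Certificate.HasPrivateKey
        KeyType        = $keyType
        CurrentlyValid = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)
    }
}

# Assumption: DNS resolves the computer name to the host's FQDN.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-SqlTlsCertificate -Certificate $_ -ExpectedName $fqdn } |
    Format-List
```

A certificate that follows the steps above reports `CnMatchesFqdn`, `ServerAuthEku`, `HasPrivateKey` and `CurrentlyValid` as `True`, `SubjectAltName` as `(none)`, and `KeyType` as `Exchange`.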