Sharing An Encryption Certificate Between Servers
Apr 17, 2008
Hello,
We have a couple of databases set up, and we replicate data from certain tables between the two databases. One of the tables we replicate is the Users table, in which we'd like to encrypt user passwords. Initially I created a certificate on both servers, and found that I could not DecryptByCert a password that was encrypted on the other server, and vice versa. It looks like all I was forgetting to do was supply an 'ENCRYPTION BY PASSWORD = ' parameter to CREATE CERTIFICATE. So, now I have the following:
CREATE CERTIFICATE Cert_UserPassword
ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y'
WITH SUBJECT ='TestingCertificate'
I ran that query on both of our servers, and I find I am able to decrypt the password on both servers. So, as far as I can tell, this is exactly the way I want it to work.
So, now for the question: Is this the right way to go about it? In order to decrypt the password on either server, it means I need to pass the 'pGFD4bb925DGvbd2439587y' password to the DecryptByCert command, which doesn't seem very secure. But if I don't use the 'ENCRYPTION BY PASSWORD', then the cert will be signed by the Master key, which is different on both servers, which will result in a certificate that can't decrypt what was encrypted on the other server.
Is there a way to take the actual certificate on one server, and export it to the other server, so that they're both using the exact same certificate to encrypt and decrypt? I would like to not have the password included in the Decryption command, if I can help it.
Thanks.
-Dan
View 1 Replies
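The export and import route the question asks about, as an added example that is not part of the original post or its replies: the certificate is backed up with its private key on one server and recreated from those files on the other, so both hold the same key pair and DecryptByCert needs no password argument. The file paths, all passwords and the sample value are placeholders chosen for this example.

```sql
-- Added example. Paths, passwords and the sample value are placeholders.

-- ===== Server A (source database) =====
-- A database master key must exist so the certificate's private key can be
-- protected by it rather than by a password.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password-A>';
GO

-- No ENCRYPTION BY PASSWORD clause: the private key is protected by the
-- database master key.
CREATE CERTIFICATE Cert_UserPassword
    WITH SUBJECT = 'TestingCertificate';
GO

-- Export the certificate and its private key. The password here protects
-- only the .pvk file while it is being moved between servers.
BACKUP CERTIFICATE Cert_UserPassword
    TO FILE = 'C:\CertTransfer\Cert_UserPassword.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\CertTransfer\Cert_UserPassword.pvk',
        ENCRYPTION BY PASSWORD = '<transfer-password>'
    );
GO

-- ===== Server B (target database), after copying both files across =====
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password-B>';
GO

-- Recreate the same key pair. Without an ENCRYPTION BY PASSWORD option the
-- imported private key is re-protected by server B's own master key.
CREATE CERTIFICATE Cert_UserPassword
    FROM FILE = 'C:\CertTransfer\Cert_UserPassword.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\CertTransfer\Cert_UserPassword.pvk',
        DECRYPTION BY PASSWORD = '<transfer-password>'
    );
GO

-- ===== Check, run on both servers =====
-- The thumbprint identifies the certificate; compare the value from A and B.
-- pvt_key_encryption_type_desc shows how the private key is protected.
SELECT name, thumbprint, pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name = 'Cert_UserPassword';
GO

-- Round trip with no password in the decrypt call. The ciphertext is held
-- as varbinary; its length follows the certificate's key size.
DECLARE @cipher varbinary(512);
SET @cipher = EncryptByCert(Cert_ID('Cert_UserPassword'),
                            N'constructed sample value');
SELECT CONVERT(nvarchar(50),
               DecryptByCert(Cert_ID('Cert_UserPassword'), @cipher)) AS RoundTrip;
GO
```

The exported .pvk file contains the private key, so remove both transfer files from each server once the import has been verified and keep the transfer password out of scripts that are checked in.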
Apr 19, 2007
I am trying to create an encrypted row in my database. Everything here worked, except that when I run the final query to decrypt the data it just comes up with null for each row. Even if I do a query to show me the rows that are not null. It's like it is saying yeah, there is data here, but I am only going to show you null instead of what I am supposed to decrypt. Here is what I tried from start to finish:
Create Certificate TestCert
Encryption By Password = 'Password'
With Subject = 'SQLCert',
Expiry_Date = '12/01/2050';
declare @Test nvarchar(50)
set @Test='123456789'
insert into testenc (testencry)
Values
(encryptbyCert(Cert_ID('TestCert'),@Test ))
select convert (Nvarchar(50),
DecryptByCert(Cert_ID('TestCert'),
testencry,N'Password')) As Test
from testenc
View 2 Replies
View Related
Apr 22, 2008
I'm totally stuck, I know I must be missing something, just can't find it. Here's my situation:
tbl_user (ssn char(9), ssn_encrypted varchar(9));
CREATE CERTIFICATE AUTOCERT WITH SUBJECT = 'Salad', EXPIRY_DATE = '1/1/2099';
GO
UPDATE tbl_user set ssn_encrypted = encryptbycert(cert_id('AUTOCERT'),SSN)
go
select ssn, ssn_encrypted from tbl_user
Results look good. Encryption worked.
SELECT ssn, decryptbycert(cert_id('AUTOCERT'),ssn_encrypted) FROM tbl_user
Results of the select statement show ssn_encrypted = null for every record.
Why is it null? How can I get decryption to work?
View 4 Replies
View Related
Sep 15, 2015
I have a SQL Server 2012 Standard and needed to fulfill a requirement to set Force Encryption on the Server with a DoD Certificate.
I will be altering my client connections to use Encrypt=True; TrustServerCertificate=True (The client is a .Net Web Application).
The OS where SQL Server 2012 Standard resides is Windows 2008 R2 DataCenter Service Pack 1 64-bit.
What I need to know is: where do I get the DoD Certificate from, and do I just install it on the server where SQL Server resides?
View 0 Replies
View Related
May 30, 2007
Log shows (on SS2005)
A self-generated certificate was successfully loaded for encryption?
No encryption is used. Properties of Protocol for MSSQLSERVER shows no for Force Encryption, certificates are empty
How, why, where from and what for does it get and load self-generated certificate?
View 1 Replies
View Related
Mar 18, 2008
Guys,
We have an existing SSRS farm (3 web servers total) with a single virtual IIS server on each box.
We need to add a couple more virtual IIS servers on each box.
And these virtual IIS need their RS as well.
Web applications are written by independent vendors. They all have different IP/domain name.
All web app have own Reports & ReportServer virtual directories.
I was thinking of sharing ReportServer windows service and RS databases.
Is it possible? What would be best setup route?
Thanks,
OK
View 1 Replies
View Related
Nov 19, 2015
We are unable to log in to the database due to “The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x80090331. Check certificates to make sure they are valid. Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.” We have tried to run selfssl.exe from the command prompt followed by the below command and are getting the cryptographic error.
View 3 Replies
View Related
Aug 15, 2007
There is all kinds of great info out there about the mechanics behind column level encryption in SQL2005, but it all seems to assume I only have 1 or 2 database servers. If I am using an X509 certificate to encrypt my data, it looks as if I can script the administration of this fairly easily.
But what if I have 1000 SQL Servers?
Is there any guidance/best practices/tools out there that will help me manage the 1000 certificates that I would need to deploy in such a scenario. Also, what if I need to 'rotate' the certificates for some reason. Can a PKI for the domain help me to automate and manage this?
It seems as if the management of these certificates is purely 'manual' at this point.
Thanks for any help,
...Andrew
View 4 Replies
View Related
Feb 23, 2007
Greetings.
I have a setup/deployment question regarding SQL Server Encryption.
Internal database encrypts data in 3 different tables. This could execute on any one of 6 different servers.
The tables with encrypted data are replicated to another database on different servers (3)
How should the keys/certificates be created so that the data in the replicated database can be decrypted?
In my test scenario so far, I have been unable to have the second database decrypt the data that was encrypted on the first database (currently on the same server).
-- Create Database Master Key
CREATE MASTER KEY ENCRYPTION BY
PASSWORD = 'p@ssw0rd'
GO
-- Create Certificate
CREATE CERTIFICATE MyCertificate
WITH SUBJECT = 'My Data Encryption Certificate',
EXPIRY_DATE = '10/31/2010';
GO
CREATE SYMMETRIC KEY MyKey
WITH
ALGORITHM = AES_256,
IDENTITY_VALUE = 'My Symmetric Key',
KEY_SOURCE = 'Unique phrase that will be used to secure the key'
ENCRYPTION BY CERTIFICATE MyCertificate;
GO
View 3 Replies
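One way to make the replicated ciphertext readable in the second database, shown as an added example that is not part of the original post or its replies: a symmetric key created with the same ALGORITHM, IDENTITY_VALUE and KEY_SOURCE is the same key wherever it is created, so the subscriber can hold its own copy. The database names SourceDb and ReplicaDb, the certificate name ReplicaCertificate, the passwords, the phrases and the temp table are assumptions made for the example.

```sql
-- Added example. Database names, passwords and phrases are placeholders.

-- ===== Database where the data is encrypted =====
USE SourceDb;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password-source>';
GO
CREATE CERTIFICATE MyCertificate
    WITH SUBJECT = 'My Data Encryption Certificate';
GO
CREATE SYMMETRIC KEY MyKey
    WITH ALGORITHM      = AES_256,
         IDENTITY_VALUE = '<identity phrase, same in both databases>',
         KEY_SOURCE     = '<key derivation phrase, same in both databases>'
    ENCRYPTION BY CERTIFICATE MyCertificate;
GO

-- ===== Database that receives the replicated rows =====
USE ReplicaDb;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password-replica>';
GO
-- The certificate only wraps the symmetric key at rest, so it does not have
-- to be the same certificate as in SourceDb.
CREATE CERTIFICATE ReplicaCertificate
    WITH SUBJECT = 'Replica Data Encryption Certificate';
GO
-- Same ALGORITHM, IDENTITY_VALUE and KEY_SOURCE: same key material and the
-- same key GUID, which is what DecryptByKey looks for in the ciphertext.
CREATE SYMMETRIC KEY MyKey
    WITH ALGORITHM      = AES_256,
         IDENTITY_VALUE = '<identity phrase, same in both databases>',
         KEY_SOURCE     = '<key derivation phrase, same in both databases>'
    ENCRYPTION BY CERTIFICATE ReplicaCertificate;
GO

-- ===== Check: encrypt in SourceDb, decrypt in ReplicaDb =====
-- The temp table stands in for a replicated table in this example.
CREATE TABLE #replicated (cipher varbinary(256));
GO
USE SourceDb;
GO
OPEN SYMMETRIC KEY MyKey DECRYPTION BY CERTIFICATE MyCertificate;
INSERT INTO #replicated (cipher)
VALUES (EncryptByKey(Key_GUID('MyKey'), N'constructed sample value'));
CLOSE SYMMETRIC KEY MyKey;
GO
USE ReplicaDb;
GO
OPEN SYMMETRIC KEY MyKey DECRYPTION BY CERTIFICATE ReplicaCertificate;
SELECT CONVERT(nvarchar(50), DecryptByKey(cipher)) AS RoundTrip
FROM #replicated;
CLOSE SYMMETRIC KEY MyKey;
GO

-- key_guid should be identical when this is run in each database.
SELECT name, key_guid, algorithm_desc
FROM sys.symmetric_keys
WHERE name = 'MyKey';
GO
DROP TABLE #replicated;
GO
```

Anyone who knows the KEY_SOURCE phrase, the IDENTITY_VALUE and the algorithm can recreate the key, so the phrase needs the same protection as the key itself and should not sit in plain deployment scripts.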
View Related
Jun 29, 2007
Hi, we are trying to implement Service Broker between SQL Server Express and SQL Server on the same machine and we are having problems with certificates. We are creating a certificate on SQL Server, backing up the certificate on a file system and then loading the certificate on the SQL Server Express from the file, and we keep getting the following error: Msg 15208, Level 16, State 1, Line 1 The certificate, asymmetric key, or private key file does not exist or has invalid format.
Following script runs fine on SQL Server.
Code Snippet
use master
Create Master Key Encryption BY Password = '45Gme*3^&fwu';
BACKUP MASTER KEY TO FILE = 'C:ServiceBrokerPrivateKeyMasterB.pvk'
ENCRYPTION BY PASSWORD = '45Gme*3^&fwu'
Create Certificate EndPointCertificateC
WITH Subject = 'C.Server.Local',
START_DATE = '06/01/2006',
EXPIRY_DATE = '01/01/2008'
ACTIVE FOR BEGIN_DIALOG = ON;
BACKUP CERTIFICATE EndPointCertificateC
TO FILE = 'C:ServiceBrokerEndPointCertificateC.cer'
Following script runs on SQL Server Express:
Code Snippet
Create Certificate EndPointCertificateC
From FILE = 'C:ServiceBrokerEndPointCertificateC.cer'
WITH PRIVATE KEY (
FILE = 'C:ServiceBrokerPrivateKeyMasterB.pvk',
DECRYPTION BY PASSWORD = '45Gme*3^&fwu'
);
If we run the script other way around, it works fine. If we use the SQL Server on some other machine, the script works fine. But only on the same machine, it throws this error. We made sure the permissions and everything. Let us know if there is any work around or what are we doing wrong.
Any help is appreciated. Thank you,
View 4 Replies
View Related
Oct 7, 2015
I have created two user defined functions for encryption and decryption using the passphrase mechanism. When I call the encryption function, each time I am getting different values for the same input. While I am searching for a particular value, it takes a long time to retrieve due to calling the decryption function for each row.
What is the best way to encrypt and decrypt using user defined functions? Below is the query which is taking a long time.
SELECT ID FROM table WITH (NOLOCK)
WHERE dbo.DecodeFunction(column) = 'value'
When I try to use symmetric or asymmetric encryption, I am not able to put the "OPEN SYMMETRIC KEY" code in a function. So, I am using the passphrase mechanism.
View 3 Replies
View Related
Sep 17, 2004
Hey guys,
I have a quick question about SQL 2000 server data sharing.
I am currently using SQL 2000 Server Enterprise and I need to do synchronous data sharing with flat files. I have an ODBC connection to the files. I was able to easily share this data by using linking in Microsoft Access, however, for the life of me I cannot figure out how to do the same in SQL. We are in the process of converting legacy code. The old code will of course be communicating with the flat files and the new code will be talking to SQL server. So it is vital that the 2 access methods are both pulling the same data. Does anyone have any ideas???
Help would be greatly appreciated
Thanks
Dax
View 3 Replies
View Related
Jan 21, 2008
hello sir
I have SQL Server 2000 installed on my PC, which I would like to share on the network.
When I am trying to create an ODBC connection from other PCs on the network I am getting the error -- specified sql server not found.
Please help me
gayatri
View 4 Replies
View Related
Jul 11, 2006
Can you use SQL Express remotely instead of locally?
I have been told that I might be able to use SQL Express as my network server for sharing files. Is this possible, or do I need a different version of SQL to do this?
I have been reading the VBE forums and from what I gathered was that SQL Express is only for a local table only, is this true?
If not, what is the work around, and how do I go to another pc to find out if it is sharable?
I would hate to get several months in my app design and learn that I was headed in the wrong direction.
Thanks
David
View 8 Replies
View Related
Feb 6, 2004
How can I share stored procedures so I can call them from different databases?
Basically, all databases have identical table names and structure but containing different data and I don't want to replicate all stored procedures on every database. There are too many and will also be very unpractical to maintain the code.
Thanks,
Moshe
View 4 Replies
View Related
Jan 2, 2006
Hi :)
I would like to know if it is possible to link two databases together
(in my case ASPNETDB, and another mdf database) so that I can run
queries on those shared tables. For example, I would like to use the
uniqueidentifiers from the ASPNETDB tables in my own tables.
Thank you!
(I do use the latest version of Visual Web Developer).
View 3 Replies
View Related
Apr 17, 2007
I am writing a DB-driven application, using Visual Studio. I have a database that I want to be able to move from one computer to another, and still be able to access it. It's probably something simple, but I must be missing something.
The problem is that if I choose Windows authentication, then the DB cannot be used on another computer. I also had no luck when using SQL Authentication.
How can this be done? What form of authentication should be used and how, so that I can just copy my DB from one computer to another, then log into the DB using a username and password?
*Any* help would be greatly appreciated!
View 3 Replies
View Related
Jul 20, 2005
Hi:
I'm trying to set up an MS Cluster but I don't know if it is feasible to configure it in the way I think.
I have two machines with win2k server and MSSQL-2000; one of them is currently performing as the production database and the other one is the backup. The secondary one is kept updated via the "Log Shipping" technique.
We almost covered all the other possible failures of the other components (i.e. network, power, application servers, etc.). The data is maintained in a RAID, which is OK, but we want to cover the possibility of that failure too (yes, you can call us paranoids!!).
The thing is we want to create a cluster that does not share the data, but each machine of the cluster has its own set of the same data.
My intention is to configure the cluster to detect a failure of one machine and initiate the failover to the remaining one using the appropriate scripts related to the promotion of a secondary server kept updated using "log shipping".
Does anyone have some experience with that kind of solution?
Thanks in advance
Leonardo
View 2 Replies
View Related
Oct 30, 2007
Hi,
Can we share and schedule whole report folder(not just one report) by using management studio?
Thanks
View 1 Replies
View Related
Sep 27, 2006
Hi guys,
I've got two apps that are going to have pretty much the same users and I wanted them to have the same ASPNET.MDF user database. Is it possible to store the ASPNET.MDF in a different location and then have the two apps access it from there, or alternatively have it in the App_Data folder of one of the apps and then have the second app access it from there?
Thanx
View 2 Replies
View Related
Feb 7, 2007
Hi;
I have an ASP.NET application with a SQL Express database. Here is the connection string used on the web application:
"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\admindata.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"
Now, I create a Windows application which will run on the server to perform some scheduled tasks. For the Windows application I used this connection string:
"Data Source=.\SQLEXPRESS;AttachDbFilename=D:\WebSites\mywebsite.com\www\App_Data\admindata.mdf;Integrated Security=True;User Instance=True"
The problem is, when the web site is running and using the database, the Windows application can't connect to the database, and I don't know where I'm going wrong, if it's the web application connection string or if it's the Windows application connection string.
I hope someone had the same experience and can point me to a direction.
Thank you;
Emerson Brito
View 7 Replies
View Related
Jul 14, 1998
Does 7.0 allow multiple databases to share a data file/log file?
Will a large data device file shared by 10-25 databases present any problems?
Thanks
View 2 Replies
View Related
Nov 15, 1999
Would someone please tell my how to share the same NT Login on a Publisher and a Subscriber Server. For example, one of
the requirements for Replication is that the Publication Server and
Subscription Servers should share the same SQL Executive account. I tried
doing this in Control Panel, Services Applet, Startup, and This Account Box. The Subscribing Server is not allowing me to map the login of the Publishing Server. I also tried within NT User Manager for Domains. I am not able to figure this out. I am trying to get Replication to work within a Workgroup on two NT 4.0 Servers SP3, with SQL Server 6.5 SP5a.
Thanks, Kevin
View 2 Replies
View Related
Sep 27, 2005
Hello -- Please excuse my extreme newbieness -- trying to get up to speed fast on SQL Server Express for work. I've been able to set up the software, create a database, and access it with no problems on my local computer, but I need to make the database available to other computers in my workgroup. I followed instructions -- enabled TCP/IP and Named Pipes and turned on SQL Server Browser, and I was actually able to manipulate one system database (the "master" database) from another computer but not any other databases, not even the other system databases. I can connect to any of the databases with the SQLCMD commands, but if I try to do any SELECT commands (other than in "master") I get an error: "SELECT permission denied on object '[MyTable]', database '[MyDatabase]', schema 'dbo'". I was only able to get into "master" after adding "guest" as a user, but adding this user to the other databases has no effect. One interesting thing: When I used the sp_table_privileges command on each database, all but "master" showed all privileges being granted to and from "dbo", but "master" didn't show anything being granted to or from anybody. Does anyone know what could be going on here? Am I missing something obvious? Thanks for any and all help!
View 1 Replies
View Related
Sep 26, 2007
I'm looking for some advice on how to manage reports that use the same query in their datasets. I have multiple reports that use several datasets that are the same. If I need to make a change to one dataset, I need to remember to update the other datasets. Of course I don't always remember to do that!
Is there a way to create a dataset in a single location and then share it? I was thinking of using a View but I don't think it'll accept the parameters.
I've been cutting & pasting the entire query as I make changes but I'm afraid I'll mess that up or forget to update a dataset.
How do you do it?
Any suggestions you have would be helpful.
Rob
View 7 Replies
View Related
May 31, 2007
I have read a number of threads in this forum concerning SSIS packages and Protection Level. I regret to say that I did not manage to find one that covers the problem I am experiencing.
I have saved a package that contains a SQL Server Authentication login and password. In Properties for the Package I have set
ProtectionLevel = EncryptSensitiveWithPassword
I then save my Package and use F5 to run it in Visual Studio 2005 Team Edition. It runs just fine.
I then walk over to a co-worker's desk, have him "Get Latest Version" in Source Control Explorer, and then have him double-click on the SSIS Package. It indicates that he must enter the password, which we do, and then it begins validation of the package. By changing to EncryptSensitiveWithPassword (instead of EncryptSensitiveWithUserKey) many of the earlier error messages went away.
We still get one fatal error, though, which prevents him from pressing F5 to run the package on his PC. The error message is one reported in some other threads in this forum:
Error loading PackageName(C2097).dtsx: Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available.
Naturally we are running this on a computer different from the one on which the package was created/last-saved, and running with a different Windows user.
The package is a fairly simple one: it merely copies a few dozen tables from Access to SQL Server 2005 on a central server.
Might the error message be related to the Access connection? (He has the same rights to the Access database that I do, but those are based on Windows Authentication -- which makes me wonder if that might be the problem. The Access database is located on a central server, and the access rights are controlled through User Groups in the Windows File System.)
I would like for others to be able to run this and other SSIS packages I have developed.
Ultimately we would like to store completed SSIS packages in the File System (rather than in SQL Server 2005), and allow anyone in our team, who knows the password(s) for the packages, to run them without difficulty.
Is this possible?
Dan
View 12 Replies
View Related
Mar 7, 2007
Ok, I understand it is possible, but I still can't quite get the mechanics of it to work.
I create a new BIDS project, and add a package to it, and add 3
connection managers, and set the server, instance, DB, etc. for SQL
connections. I change the name of each connection manager so the server
name is not there, but use something more like a generic name of what
the database is. Fine. I right click in the Control Flow area and go to
configurations. I enable configurations, and save to a common place on
the C drive. Save everything, exit, VS, fine, and I export all
connection managers properties.
Then I start Visual Studio again. Create another new BIDS project, add
a package to it, and add 3 connection managers. I don't actually
connect them, but use those same generic names from the first
iteration. I enable configurations for the package. I am somewhat
expecting to see the connections change from the same-o-default to the
data I used in the first go around.
I am obviously missing something big here.
View 3 Replies
View Related
Nov 29, 2007
We receive data files from different external customers, and these files have identical layouts.
I'm planning to set up a package for each customer. Each package will contain a flat file source -> OLEDB transformation dataflow, (followed by other customer-specific data flows).
What I'd like to do is just create this dataflow once, parameterising the flat file and table names. Is it possible to include this dataflow in each customer package so that if the flat file layout changes, I can just modify the connection managers in the one place, and then recompile each package to pick up the changes?
Any advice appreciated.
View 8 Replies
View Related
Jan 22, 2007
Hello,
I'm using an XML file to configure my dataBase connection string. I try to deploy my package on a new server and it works perfectly.
Then I made a second package which also need a configuration for the dataBase connection string. (I made the connection with the connection manager inside packages). The configuration is the same that for my first package, so I thought to use the same configuration file.
I can use the same configuration file but the problem is when I try to generate a deployment for my solution. I got an error which tell me that the xxx.dtsConfig file already exist and can not be copy again.
When I made the configuration in the second package I said that I want to reuse the file ... and I thought that for the deployment SSIS would know that it has to include that file only once ...
Did somebody already have this problem ?
Thanks !
View 3 Replies
View Related
Mar 6, 2007
The scenario is an ETL that takes flat file feeds via FTP to move data into various production SQL Server databases nightly.
There are a number of packages involved, and this depends upon the type of data being sent.
There are a set number of servers and databases to receive the
transformed data. I would like to be able to define say 3 servers, and
maybe a couple of databases in each one time in the configuration. For
simplicity let's say 6 databases total. I would like a single point of
maintenance for these 6 locations. I would like all connection managers
in all packages in all solutions to share these 6 settings in all
connection managers. Is this possible? From my initial attempts, it
would appear each package gets its own independent list of connection
managers and which must be configured separately. I don't see how to
share settings, which is really where the power of SSIS configurations
would be.
Similarly, I would like to be able to locate flat files at given paths.
The package may know the name of the file it is looking for, or the
file it will create, and the folder path needs to be computed from a
configured folder root, and for the package connection manager to store
only the name of the file, which never changes.
I can not see how to set something like this up with connection
managers and configurations. Perhaps I still need a highly customized
solution to achieve this, as we did for DTS, where we would only
execute packages using our own executor, which would load the package,
search out all environment specific settings and modify them on the fly
prior to executing the package.
Thanks for any direction you can give here. The books I've read seem to
imply I might be able to do what I need here, but I can't seem to find
the mechanics of making it happen.
View 1 Replies
View Related
Sep 26, 2007
I am in the process of designing a web application for our application that will be available to the general public. Basically it will be used to collect information for a case report. I need to know if there is a way from our internal database driven application to push certain data up to the website, given that the database may be behind a firewall so I cannot make a direct connection to the external database. I thought I heard about some sort of data sharing protocol. I then will be storing the users' entered data in the website database and pulling it from the internal application. So basically I need a secure way of sending and receiving data between a server/client app on a LAN system and the web site database that could be hosted outside the LAN.
I hope this made sense.
View 4 Replies
View Related
Jan 13, 2005
Hi
I'm looking for an efficient way of using a single set of stored procedures to access a number of different databases (SQL Server).
The most feasible option I've come up with so far is to send the specific database name through as a parameter. Unfortunately the function use isn't available to stored procs, so it seems I must move the query into a varchar, to then exec it.
There's been another suggestion of using a web service to store the procedures, but I imagine that this would be very slow and cumbersome.
There must be a better way. Any ideas?
Thanks,
indra
View 6 Replies
View Related
Nov 4, 2015
I work in a medical facility and client confidentiality prevents loading my pivot tables to SharePoint at this time.
I am creating several reports that combine data from SQL Server, Cerner medical report DB and some lookup tables in Excel.
Everything works great on my desktop but I'm having trouble sharing my work.
Our normal routine is to drop a copy of our excel files in a Pass through file on the server that has strict access controls.
I think my main problem is my supervisor doesn't have PowerPivot on his machine. That will be corrected tomorrow.
My question is: when you close your PowerPivot workbook, do all the connections go with it? If I just drop myproject.xlsx into the pass through, will all the links to the varying data sources still be available?
View 2 Replies
View Related