With the new functionality provided by SQL Server 2005, can we use the certificate functionality to act as a DB store for third-party certificates? Posts that I have seen so far indicate that there is no direct access to the certificate store once a certificate has been imported to the DB. Given that the database is more portable (for failover purposes for certificate storage), lack of access to the certificate store should be considered a considerable problem for ISVs.
Failing that, if we need to implement this functionality ourselves, what is the best format to store certificates in the database (blob or other)?
I have access to a Microsoft certificate server and I have generated a server certificate for use in my SQL Express installation. The certificate was installed into the personal folder of the local machine. The MMC certificate snap-in can see it fine.
When I use the SQL Server Configuration Manager and look in the certificate tab and try to use the drop-down to find the certificate so SQL Express can use it, nothing shows up.
Can someone please give instructions on how I can get SQL Express to use the server certificate that I just installed?
Does SQL Server support wildcard certificates? When you install the wild cert in the certificate store, the SQL Configuration Manager does not see it in its drop-down list. If it does, what are the steps, or please point me in the right direction. Does the cert need to be specifically for that particular hostname? Thanks
I am looking for a good introduction to the handling of certificates in SQL 2005.
I need to sign a procedure to allow it to access a dm view. I do understand the theory and the syntax, but I have trouble coming up with an easy but still secure way to create these certificates on all customer servers without allowing misuse. All articles I could find go through creating a new database, setting up a certificate with or without a password, signing an example proc and then dropping the database. None seems to care about the problems that occur later on during the life of a certificate.
I want to get all the students from a database table which stores student certificates. For example, I need a query for students who "HAVE" 3 certificates (Cert A, B, C).
Certificate Table:
StudentName    CertificateName
John           Cert A
Wilson         Cert B
John           Cert B
John           Cert C
Michael        Cert A
Output: John
sqlQuery = "Select * from CertificateTable Where (CertificateName = 'Cert A') AND (CertificateName = 'Cert B') AND (CertificateName= 'Cert C')"
Need to replicate a mobile device that uses a wildcard certificate. Heard that MS Windows Mobile 5.0 does not support wildcard certificates. Is there a solution around this using VB.NET?
I just want to be 100% sure about something. Certificates generated for use with service broker endpoints must be generated in the master database, correct?
What are the implications if the master key is changed for the master database?
This may seem like a stupid question but I am trying to get the hang of the new security model.
I have not really heard anything mentioned about the certificate expiration date when it comes to creating certificates for keys or service broker endpoints etc.
We have created certificates for keys and service broker endpoints. Now what exactly happens when the expiration date, by default 1 year I think, is reached? Will we no longer be able to decrypt encrypted data, and will the service broker endpoints stop working etc.?
Or is this expiration date when the certificate can no longer be used to create security objects? And all security objects already created with this certificate will always work?
In other words, is there ever a danger that keys and endpoints, or basically any object referencing this certificate, will just suddenly stop working one day, or will all objects work indefinitely regardless of a certificate/object's expiration date?
I am currently trying to replicate a SQL Mobile 2005 database with a SQL Server 2005 database through web synchronization using SSL Server AND Client Certificates. On IIS, with "Require Client Certificates" unchecked, I can replicate fine. Once I turn it on, I get a message from replication saying "A Secure Socket Layer connection is required to access this site". I have installed a client certificate in IE, and can access the https://servername/Ojt/sqlcesa30.dll site (I tried removing the client certificate, and I was denied access, then reinstalled it and it worked - so I think that part is working). Does anyone have any experience with this? My production operating environment requires client-side certificates.
Hi, I want to know if it's possible to create credentials or certificates in order to protect a SQL 2005 database.
Because if someone backs up one of my DBs from my server and tries to restore it on another server, I don't want them to see my DB information, because they don't have the correct credentials or certificates for it.
I am trying to use the example in http://support.microsoft.com/kb/915852. This creates two databases, SourceDB and TargetDB. If I put SourceDB on the same SQL Server instance as TargetDB, the message is received with no problem. If I put the SourceDB on another server, so that I am using two separate servers in the same domain, the message never gets to the TargetDB. I have changed the routes to the correct server names and set the route port to 8286.
CREATE ROUTE [myRoute] WITH SERVICE_NAME = 'SourceService', address = 'TCP://toto:8286';
and:
CREATE ROUTE [myRoute] WITH SERVICE_NAME = 'TargetService', address = 'TCP://devbox05:8286';
My SourceDB is on one of several instances on the server toto. My instance is toto\foxylady01,52005. The certificates were generated using the passwords in the article.
The project I'm currently working on has to be relatively simple for the users to install, so I had the idea of using service broker to "set itself up". The idea is that there will be a server with a service and suchlike already set up. Somehow the clients will get the information required to create a remote service binding, and once that has been accomplished will send a registration message to the server.
What I'm wondering is: can I somehow create and send a certificate using service broker via T-SQL, and also is this approach reasonable or is it a bad idea? The reason I had thought of something like this is because the people setting up the client sites may (and probably will) have very little knowledge (probably no SQL Server knowledge), so we need the installation to basically be a click and install.
Any way to bulk export / import TDE certs? I've got a bunch of databases that need to be moved to another system. Just about every database is using TDE and I was wondering if there was a way to move these certs in a bulk fashion. I've got SQL and PowerShell scripts to back up and restore multiple databases, but they won't do me any good without the certs.
I am trying to set up SQL Server 2005 to use a test certificate from Thawte for SSL encryption. I have installed the certificate in the local computer, current user and service account's personal certificates folders. I have also installed the root certificate in the Trusted Root Certification Authorities folders of each. All this was done using MMC.
However, when I go to tell SQL Server to use the certificate, no certificates show up in the drop-down box. I am using SQL Server Configuration Manager and doing the right-click -> Properties -> Certificate steps shown in multiple KB and forum articles.
I have also checked the registry entry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\SuperSocketNetLib\Certificate. It is blank, which tells me SQL Server should be looking in the certificate store.
If I simply set the ForceEncryption flag, SQL Server starts up OK and generates a self-signed certificate. Using that, the session does get encrypted. However, I need to use a third party certificate.
I have hit a brick wall and am at a loss. Any help would be greatly appreciated.
I am looking at the documentation of the CREATE CERTIFICATE statement. I am having a hard time understanding, if I want to create a CERTIFICATE with the above-mentioned options, how I am supposed to create either the PRIVATE KEY file or the EXECUTABLE file. Any example would be really helpful for what I am doing here.