Certificate Private Key Cannot Be Found
Apr 15, 2014
I set up Service broker (2008R2 -> 2012) across different servers and domains using certificates.I set up 2 queues (one for sending, one for receiving).I set up 6 services (3 for send, 3 for receive), all 3 sharing the same queue type. (srv_send_1, srv_send_2, srv_send_3), (srv_receive_1, srv_receive_2, srv_receive_3).I set up a route for each receiving service on the source, and for each sending service on the target.I set up a SB binding to the remote for each sender service type.I granted send rights to the sending services on the source server.
I then tested my first service, and it worked perfectly (still works).My second service however is failing with the error "The certificate's private key cannot be found".I am stumped, as all the setup code was a lot of copy/paste which I have checked, rechecked and even re-coded.Basically, here is what Im doing:
begin dialog @ConversationHandle
FROM Service srv_send_1
TO Service 'srv_receive_1'
ON CONTRACT myContract
WITH ENCRYPTION = OFF, LIFETIME = 60*60*24*7;
SEND ON CONVERSATION @conversationHandle
MESSAGE TYPE [my_msgtype] (@xml);
The above code works 100% with service1, but not with service2.Note that on profiler, the target server doesnt receive any communication. The error shows on the sender profiler.Also, The conversation shows up as CONVERSING in sys.conversation_endpoints and the entry exists in sys.transmission_queue.
View 1 Replies
ADVERTISEMENT
Feb 5, 2008
We are looking to put column level encryption on a table. Great! Wonderful! Look in books online and see that you must give "control" perm to the Certificate for any user that needs to use the symmetric key.
Now my question. I have backed up the Certificate to file. What I have found playing around with the commands is it is possible to run the following command:
Alter Certificate MyCert
Remove private key
BOL says their is no "Restore Certificate" command and to just use "Create Certificate". I have tried this and I keep getting an error saying the certificate already exist in the database.
What have I missed? How can I restore this certificate without restoring the ENTIRE database? Is there a permission set that can be applied to the Certificate to stop thsi kind of command from being run while still having the symmetric key usable? Any help would be of great use!
Thanks,
*note* this is using the MasterKey->Cert->SymmetricKey
View 6 Replies
View Related
Sep 20, 2006
I am sure I'm being dumb here but I am trying to deploy an assembly with external_access.
I have signed the assembly using the <new> option in the project properties.
When I then try and create the Key I get the above error using the code below.
CREATE ASYMMETRIC KEY SQLExtensionUDTKey
FROM EXECUTABLE FILE = 'C:Documents and SettingsSimon SabinMy DocumentsVisual Studio 2005ProjectsSQLBitsCoreSQLExtensionsSQLExtensions.UDT�inDebugSQLExtensions.UDT.dll'
What could be the problem?
View 7 Replies
View Related
Jul 7, 2006
hey,
i have a problem, to import a self signed openssl certificate into the sql server 2005.
my final idea is to get encrypted columns from the database over an jdbc connection in a java client.
when i use a certificate generated by the sql server 2005, i can encryt columns of a table. then i catch the
the result in my java client. but in java, i need a keystore with the private key of the certificate.
ok. i have export the the certificate and the private key of the sql server 2005.
problem: in a keystore i can only import the certificate (signed public key) but not the private key.
my new idea is to import an openssl certificate or an certificate generated by the keytool (java) into the
sql server 2005 and encypt the data with the imported certificate. Problem: The SQL Server give me an
Exception: (Sorry i drag & drop the exception, is written in german)
Msg 15208, Level 16, State 1, Line 2
Die Datei für das Zertifikat, den asymmetrischen Schlüssel oder den privaten Schlüssel ist nicht vorhanden oder weist ein ungültiges Format auf.
My Import Statement is:
CREATE CERTIFICATE InsuranceCertOpenSSL
FROM
FILE = 'E:masterkeysinsuranceservice_tomcat_apr_x509_certificate_with_cygwin_openssl_20060630insuranceservice_tomcat_x509_certificate_with_openssl.crt'
WITH PRIVATE KEY (
FILE = 'E:masterkeysinsuranceservice_tomcat_apr_x509_certificate_with_cygwin_openssl_20060630insuranceservice_tomcat_x509_certificate_with_openssl_private.key',
DECRYPTION BY PASSWORD = 'testit2_',
ENCRYPTION BY PASSWORD = 'testit2_'
)
I use password encryption, and not the internal master key (or service master key)
Hope for help :)
nils
View 18 Replies
View Related
Jun 30, 2006
Hello,
I have two different instances of sql server 2005 but i get
Connection handshake failed. The certificate used by the peer is invalid due to the following reason: Certificate not found. State 89.
This is one of the two instances:
use master
--ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'dsjdkflJ435907NnmM#sX003'
create master key encryption by password = 'hello'
create certificate [Certificato2]
from file = 'c:certsTransportCert2.cer'
with private key (FILE='c:certsTransportCert2.pvk',
decryption by password='simone')
active for begin_dialog = ON
CREATE LOGIN [M02] WITH PASSWORD = 'wrPqYkr%bm3';
ALTER LOGIN [M02] DISABLE;
CREATE USER [M02] FROM LOGIN [M02];
GO
create certificate [Certificato1]
authorization [M02]
from file = 'c:certsTransportCert1.cer'
active for begin_dialog = ON
GO
USE PublisherdDB
--ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'dsjdkflJ435907NnmM#sX003'
create master key encryption by password = 'hello'
create certificate [CertificatoDialogo2]
from file = 'c:certsDialogCert2.cer'
with private key (FILE='c:certsDialogCert2.pvk',
decryption by password='simone')
active for begin_dialog = ON
CREATE USER [Proxy::IsDbLookupRequestServiceM02] WITHOUT LOGIN;
GO
create certificate [CertificatoDialogo1]
authorization [Proxy::IsDbLookupRequestServiceM02]
from file = 'c:certsDialogCert1.cer'
active for begin_dialog = ON
CREATE REMOTE SERVICE BINDING [RSB::IsDbLookupRequestServiceM02]
TO SERVICE 'IsDbLookupRequestServiceM02'
WITH USER = [Proxy::IsDbLookupRequestServiceM02],
ANONYMOUS = OFF;
GO
CREATE ROUTE [Route::IsDbLookupRequestServiceM02,D516E70B-59D6-4BF4-882A-BDA7ACD6EB07] WITH
SERVICE_NAME = 'IsDbLookupRequestServiceM02',
ADDRESS = 'tcp://PORTATILEXP:4022';
GO
GRANT SEND ON SERVICE::[IsDbLookupResponseService] TO [Proxy::IsDbLookupRequestServiceM02]
GO
USE MASTER
CREATE ENDPOINT [BROKER]
AUTHORIZATION [VIDEOSYSTEMSimone_Farinea]
STATE=STARTED
AS TCP (LISTENER_PORT = 4033, LISTENER_IP = ALL)
FOR SERVICE_BROKER (MESSAGE_FORWARDING = DISABLED
, MESSAGE_FORWARD_SIZE = 10
, AUTHENTICATION = CERTIFICATE [Certificato2]
, ENCRYPTION = REQUIRED ALGORITHM RC4)
GRANT CONNECT ON ENDPOINT::[BROKER] TO [M02];
Here is the second one:
use master
--ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'hello'
create master key encryption by password = 'hello'
create certificate [Certificato1]
from file = 'c:certsTransportCert1.cer'
with private key (FILE='c:certsTransportCert1.pvk',
decryption by password='simone')
active for begin_dialog = ON
CREATE LOGIN [SIMONEX] WITH PASSWORD = 'wrPqYkr%bm3';
ALTER LOGIN [SIMONEX] DISABLE;
CREATE USER [SIMONEX] FROM LOGIN [SIMONEX];
GO
create certificate [Certificato2]
authorization [SIMONEX]
from file = 'c:certsTransportCert2.cer'
active for begin_dialog = ON
GO
USE vsi
--ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'hello'
create master key encryption by password = 'hello'
create certificate [CertificatoDialogo1]
from file = 'c:certsDialogCert1.cer'
with private key (FILE='c:certsDialogCert1.pvk',
decryption by password='simone')
active for begin_dialog = ON
CREATE USER [Proxy::IsDbLookupResponseService] WITHOUT LOGIN;
GO
create certificate [CertificatoDialogo2]
authorization [Proxy::IsDbLookupResponseService]
from file = 'c:certsDialogCert2.cer'
active for begin_dialog = ON
GRANT SEND ON SERVICE::[IsDbLookupRequestServiceM02] TO [Proxy::IsDbLookupResponseService]
GO
CREATE ROUTE [Route::IsDbLookupResponseService,88EB00C4-8CA9-4B45-9899-677AA70818B1] WITH
SERVICE_NAME = 'IsDbLookupResponseService',
ADDRESS = 'tcp://SIMONEX:4033';
GO
USE MASTER
CREATE ENDPOINT [BROKER]
AUTHORIZATION [VIDEOSYSTEMSimone_Farinea]
STATE=STARTED
AS TCP (LISTENER_PORT = 4022, LISTENER_IP = ALL)
FOR SERVICE_BROKER (MESSAGE_FORWARDING = DISABLED
, MESSAGE_FORWARD_SIZE = 10
, AUTHENTICATION = CERTIFICATE [Certificato1]
, ENCRYPTION = REQUIRED ALGORITHM RC4)
GRANT CONNECT ON ENDPOINT::[BROKER] TO [SIMONEX];
What's wrong in my code?
Many thanks.
View 1 Replies
View Related
Feb 19, 2007
Hello I haw trouble getting the service broker to work I have 3 instances of SQL servers:
1 Sender? SQL 2005 Server
2 Receiver 1? SQLEXPRESS 2005
3 Recevier 2? SQLEXPRESS 2005
What I wont is to be abele to do is to send a message from Sender? to Receiver 1? or Recevier 2?.
I am abele to send a message from Sender? to Receiver 1? but if I send a message to Receiver 2? I get a dialog security problem I think. If I use profiler I can se in Receiver 2? the events:
Broker:Connection
Audit Broker Login
Broker:Message Classify
Audit Broker Conversation = Certificate not found
Broker:Message Undeliverable
And I cant find whats wrong, this Is my scripts for etch instance.
Sender?
USE master
CREATE CERTIFICATE Cert_ROBOTSRV
WITH SUBJECT = 'Cert_ROBOTSRV_auth',
START_DATE = '02/15/2007',
EXPIRY_DATE = '02/15/2015'
GO
BACKUP CERTIFICATE Cert_ROBOTSRV TO FILE = 'C:Cert_ROBOTSRV'
GO
CREATE ENDPOINT SBEndpointServer STATE = STARTED
AS TCP (LISTENER_PORT = 5723)
FOR SERVICE_BROKER (AUTHENTICATION = CERTIFICATE Cert_ROBOTSRV)
GO
CREATE USER andon
CREATE CERTIFICATE Cert_sevapc311_pub AUTHORIZATION andon
FROM FILE = 'C:Cert_sevapc311'
--DROP CERTIFICATE Cert_Andonpc017_Trans
CREATE CERTIFICATE Cert_Andonpc017_Trans AUTHORIZATION andon
FROM FILE = 'C:Cert_andonpc017_Trans'
--DROP LOGIN sbLogin
CREATE LOGIN sbLogin
FROM CERTIFICATE Cert_Andonpc017_Trans;
GO
GRANT CONNECT ON ENDPOINT::SBEndpointServer TO [public]
GRANT CONNECT ON ENDPOINT::SBEndpointServer TO andon
GO
----------------------------------------------------
USE AndonDB
CREATE ROUTE Grafik_sevapc311
WITH SERVICE_NAME = 'Grafik_Service_Recive_sevapc311',
BROKER_INSTANCE = '7C737F42-2DF6-46E7-A6B6-89D1A9608DE2',
ADDRESS = 'TCP://sevapc311:5723'
GO
--DROP ROUTE Grafik_andonpc017
CREATE ROUTE Grafik_Andonpc017
WITH SERVICE_NAME = 'Grafik_Service_Recive_Andonpc017',
BROKER_INSTANCE = 'AE2B294A-B02E-4709-A51E-CFBFD0E478C1',
ADDRESS = 'TCP://192.168.20.106:5723'
GO
CREATE CERTIFICATE Cert_ROBOTSRV_Dialog
WITH SUBJECT = 'Cert_ROBOTSRV_auth',
START_DATE = '02/15/2007',
EXPIRY_DATE = '02/15/2015'
GO
BACKUP CERTIFICATE Cert_ROBOTSRV_Dialog TO FILE = 'C:Cert_ROBOTSRV_Dialog'
GO
CREATE CERTIFICATE Cert_sevapc311_pub_Dialog AUTHORIZATION andon
FROM FILE = 'C:Cert_sevapc311_Dialog'
--DROP CERTIFICATE Cert_andonpc017_Dialog
CREATE CERTIFICATE Cert_Andonpc017_Dialog AUTHORIZATION andon
FROM FILE = 'C:Cert_andonpc017_Dialog'
GRANT SEND ON SERVICE::[Grafik_Service_Send_ROBOTSRV]
TO andon
CREATE USER sbLogin
GRANT SEND ON SERVICE::[Grafik_Service_Send_ROBOTSRV]
TO sbLogin
GO
--GRANT SEND ON SERVICE::[Grafik_Service_Send_ROBOTSRV]
--TO [VADERSTADvrobot]
--GO
-- Grant RECEIVE permission on the queue.
GRANT RECEIVE ON [Grafik_Queue]
TO andon
GO
GRANT CONTROL ON SERVICE::[Grafik_Service_Send_ROBOTSRV]
TO andon
GO
--DROP REMOTE SERVICE BINDING Grafik_sevap
CREATE REMOTE SERVICE BINDING Grafik_sevap
TO SERVICE 'Grafik_Service_Recive_sevapc311'
WITH USER = andon
GO
--DROP REMOTE SERVICE BINDING Grafik_andonpc017
CREATE REMOTE SERVICE BINDING Grafik_andonpc017
TO SERVICE 'Grafik_Service_Recive_Andonpc017'
WITH USER = andon
Receiver 1?
use master
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'andonANDON'
CREATE CERTIFICATE Cert_sevapc311
WITH SUBJECT = 'Cert_sevapc311_Auth',
START_DATE = '02/15/2007',
EXPIRY_DATE = '02/15/2015'
GO
BACKUP CERTIFICATE Cert_sevapc311 To FILE = 'C:Cert_sevapc311'
CREATE ENDPOINT SBEndpointklient STATE = STARTED
AS TCP (LISTENER_PORT = 5723)
FOR SERVICE_BROKER (AUTHENTICATION = CERTIFICATE Cert_sevapc311)
CREATE CERTIFICATE Cert_ROBOTSRV_pub AUTHORIZATION andon
FROM FILE = 'C:Cert_ROBOTSRV';
GRANT CONNECT ON ENDPOINT::SBEndpointklient to andon
----------------------------------------------------------------------------------
use KlientDB
GRANT SEND ON SERVICE::[Grafik_Service_Recive_sevapc311]
TO andon
GO
GRANT CONTROL ON SERVICE::[Grafik_Service_Recive_sevapc311]
TO andon
GO
GRANT RECEIVE ON [Grafik_Queue]
TO andon
GO
CREATE Route Grafik_ROBOTSRV
WITH
SERVICE_NAME = 'Grafik_Service_Send_ROBOTSRV',
BROKER_INSTANCE = '2BA192F8-0BA3-4237-A156-21AFF7C65481',
ADDRESS = 'TCP://ROBOTSRV:5723'
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'andonANDON'
CREATE CERTIFICATE Cert_sevapc311_Dialog
WITH SUBJECT = 'Cert_sevapc311_Auth',
START_DATE = '02/15/2007',
EXPIRY_DATE = '02/15/2015'
GO
BACKUP CERTIFICATE Cert_sevapc311_Dialog To FILE = 'C:Cert_sevapc311_Dialog'
CREATE CERTIFICATE Cert_ROBOTSRV_pub_Dialog AUTHORIZATION andon
FROM FILE = 'C:Cert_ROBOTSRV_Dialog';
Receiver 2?
use master
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'andonANDON'
--DROP CERTIFICATE Cert_Andonpc017_Trans
CREATE CERTIFICATE Cert_Andonpc017_Trans
WITH SUBJECT = 'Cert_Andonpc017_Auth',
START_DATE = '02/15/2007',
EXPIRY_DATE = '02/15/2015'
GO
BACKUP CERTIFICATE Cert_Andonpc017_Trans To FILE = 'F:Cert_Andonpc017_Trans'
CREATE ENDPOINT SBEndpointklient STATE = STARTED
AS TCP (LISTENER_PORT = 5723)
FOR SERVICE_BROKER (AUTHENTICATION = CERTIFICATE Cert_Andonpc017_Trans)
--DROP USER andon
CREATE USER andon
--DROP CERTIFICATE Cert_ROBOTSRV
CREATE CERTIFICATE Cert_ROBOTSRV AUTHORIZATION andon
FROM FILE = 'C:Cert_ROBOTSRV';
CREATE LOGIN sbLogin
FROM CERTIFICATE Cert_ROBOTSRV;
GO
GRANT CONNECT ON ENDPOINT::SBEndpointklient TO [public]
--Select * from sys.certificates
---------------------------------------------------------------
use KlientDB
create user andon
Grant SEND ON SERVICE::[Grafik_Service_Recive_Andonpc017] to [Public]
GRANT SEND ON SERVICE::[Grafik_Service_Recive_Andonpc017]
TO andon
GO
GRANT CONTROL ON SERVICE::[Grafik_Service_Recive_Andonpc017]
TO andon
GO
GRANT RECEIVE ON [Grafik_Queue]
TO andon
GO
--DROP Route Grafik_ROBOTSRV
CREATE Route Grafik_ROBOTSRV
WITH
SERVICE_NAME = 'Grafik_Service_Send_ROBOTSRV',
BROKER_INSTANCE = '2BA192F8-0BA3-4237-A156-21AFF7C65481',
ADDRESS = 'TCP://ROBOTSRV:5723'
--Dialog Säkerhet
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'andonANDON'
--Drop CERTIFICATE Cert_Andonpc017_Dialog
CREATE CERTIFICATE Cert_Andonpc017_Dialog
WITH SUBJECT = 'Cert_Andonpc017_Auth',
START_DATE = '02/15/2007',
EXPIRY_DATE = '02/15/2015'
GO
BACKUP CERTIFICATE Cert_Andonpc017_Dialog To FILE = 'F:Cert_Andonpc017_Dialog'
--Drop CERTIFICATE Cert_ROBOTSRV_Dialog
CREATE CERTIFICATE Cert_ROBOTSRV_Dialog AUTHORIZATION andon
FROM FILE = 'C:Cert_ROBOTSRV_Dialog';
View 2 Replies
View Related
Jan 30, 2006
I am trying to test load balancing between multiple broker service instances. I have set up one sender and two receivers. When I tried sending a lot of messages from the sender, I noticed that all messages were being received by receiver 1 alone. While I am able to communicate between sender and receiver 1, I am not able to send message to the second receiver (I stopped the first receiver instance to find this out). I receive the "certificate not found" error in the Profiler for the second receiver. The code for my second receiver is very similar to the first one.
I am dumping in the full code down here. I appreciate if someone can figure out what is wrong. Thanks
Sender:
use [master];
go
create master key encryption by password = 'masterhello1';
go
create certificate TrpCertServ1
with subject = 'TrpCertServer1',
start_date = '06/01/2005';
go
--make sure the cert exist
select * from sys.certificates;
go
--dump out the public key of the cert to a file
--this will then be exchanged with the other instance
--make sure that the path you define below can be accessed
--by sql server. The file needs to be copied over to server 2
BACKUP CERTIFICATE TrpCertServ1
TO FILE = 'c:amitOfficialService BrokercertsTrpCertServ1Pub.cer';
go
--you need to create an endpoint in order to enable communication
--outside of this instance
CREATE ENDPOINT SSB1
STATE = STARTED
AS TCP
(
LISTENER_PORT = 4021
)
FOR SERVICE_BROKER
(
AUTHENTICATION = CERTIFICATE TrpCertServ1,
ENCRYPTION = REQUIRED
);
go
USE master ;
GO
ALTER ENDPOINT SSB1
FOR SERVICE_BROKER ( MESSAGE_FORWARDING = ENABLED,
MESSAGE_FORWARD_SIZE = 10 ) ;
GO
--check that the endpoint has been created
select * from sys.endpoints;
go
--create a login and a user which you eventually will assign a public
--key from the cert in the remote master db to
create login remconnlogin1
with password = 'remserver@1';
go
create user remconnuser1
from login remconnlogin1;
go
--grant connect to the endpoint to the login
grant connect on endpoint::ssb1 to remconnlogin1
go
--now is time to go over to server 2 and do similar tasks
--but first make sure that the cert you dumped out above can be
--available for server 2
--Step 2
-- you have now done the similar setup in server 2,
--and you should now do the final setup in master
--where you create a certificate from server 2's public
--cert and assigns it to the user created above
--uncomment from here to go and execute
create certificate TrpCertServ2Pub
authorization remconnuser1
from file = 'C:amitOfficialService BrokercertsTrpCertServ2Pub.cer';
go
--adding for new receiver
create certificate TrpCertServ3Pub
authorization remconnuser1
from file = 'C:amitOfficialService BrokercertsTrpCertServ3Pub.cer';
go
-- end of addition
use master;
go
--create the database
create database [rem_ssb1];
go
use [rem_ssb1];
go
--set master key
create master key
encryption by password = 'hellodb1';
create certificate DlgCertServ1Db1
with subject = 'DlgCertServ1Db1',
start_date = '06/01/2005'
active for begin_dialog = on;
go
--make sure the cert exist
select * from sys.certificates;
go
--dump out the public key of the cert to a file
--this will then be exchanged with the other instance
--make sure that the path you define below can be accessed
--by sql server. The file needs to be copied over to server 2
BACKUP CERTIFICATE DlgCertServ1Db1
TO FILE = 'c:amitOfficialService BrokercertsDlgCertServ1Db1Pub.cer';
go
--create a user which you eventually will assign a public
--key from the cert in the remote db to
create user remdlguser1
without login;
go
--Step 2
create certificate DlgCertServ2Db2Pub
authorization remdlguser1
from file = 'c:amitOfficialService BrokercertsDlgCertServ2Db2Pub.cer';
go
-- adding content for new receiver
create certificate DlgCertServ3Db3Pub
authorization remdlguser1
from file = 'c:amitOfficialService BrokercertsDlgCertServ3Db3Pub.cer';
go
-- end of addition
use [rem_ssb1];
go
-- we need two message types
CREATE MESSAGE TYPE [sendmsg]
VALIDATION = WELL_FORMED_XML;
CREATE MESSAGE TYPE [recmsg]
VALIDATION = WELL_FORMED_XML;
go
--create the message contract
--and define who sends what
CREATE CONTRACT [Ctract]
(
[sendmsg]
sent by initiator,
[recmsg]
sent by target
);
go
--create the queue, at this stage we do not care
--about activation
CREATE QUEUE q1
with status = ON;
go
--we need a service
CREATE SERVICE [rem_s1]
on queue q1
(
[Ctract]
);
go
--create a route to the remote service, we know it'll be called rem_s2
create route [rem_s2_route]
with
service_name = 'rem_s2',
address = 'TCP://127.0.0.1:4022';
go
--drop route [rem_s2_route]
-- adding for new route
create route [rem_s3_route]
with
service_name = 'rem_s2',
address = 'TCP://127.0.0.1:4023';
go
-- end of addition
select * from sys.routes
--as we'll be doing encrypted dialogs we need a remote service bindin
CREATE REMOTE SERVICE BINDING [myRms]
TO SERVICE 'rem_s2'
WITH USER = remdlguser1,
ANONYMOUS=Off
--give the user send rights on the service
grant send on service::rem_s1 to remdlguser1;
go
use [rem_ssb1];
go
----start the dialog and send a message
----uncomment from here until the following go statement and run
DECLARE @h uniqueidentifier --conversation handle
DECLARE @msg xml; --will hold the message
BEGIN DIALOG CONVERSATION @h
FROM SERVICE rem_s1
TO SERVICE 'rem_s2'
ON CONTRACT [Ctract];
SET @msg = '<hello00/>';
SEND ON CONVERSATION @h
MESSAGE TYPE [sendmsg]
(@msg);
RECEIVER 1:
--Step 1
use [master];
go
create master key encryption by password = 'masterhello2';
go
create certificate TrpCertServ2
with subject = 'Transport Certificate for Server2',
start_date = '06/01/2005';
go
--make sure the cert exist
select * from sys.certificates;
go
--dump out the public key of the cert to a file
--this will then be exchanged with the other instance
--make sure that the path you define below can be accessed
--by sql server. The file needs to be copied over to server 1
BACKUP CERTIFICATE TrpCertServ2
TO FILE = 'c:amitOfficialService Brokercerts2TrpCertServ2Pub.cer';
go
--you need to create an endpoint in order to enable communication
--outside of this instance
CREATE ENDPOINT SSB2
STATE = STARTED
AS TCP
(
LISTENER_PORT = 4022
)
FOR SERVICE_BROKER
(
AUTHENTICATION = CERTIFICATE TrpCertServ2,
ENCRYPTION = REQUIRED
);
go
--check that the endpoint has been created
select * from sys.endpoints;
go
--create a login and a user which you eventually will assign a public
--key from the cert in the remote master db to
create login remconnlogin2
with password = 'pass1234$';
go
create user remconnuser2
from login remconnlogin2;
go
--grant connect on the endpoint to the login
grant connect on endpoint::SSB2 to remconnlogin2
go
--copy in the public cert from server 1 to somewhere on this server
--create a certificate from the public cert from server 1
create certificate TrpCertServ1Pub
authorization remconnuser2
from file = 'c:amitOfficialService Brokercerts2TrpCertServ1Pub.cer';
--go back to server 1 and step 2 in the script 1_setup_sec_master_server1.sql
--make sure the public cert 'TrpCertServ2Pub.cer' is available
--from server 1
use master;
go
--create the database
create database [rem_ssb2];
go
use [rem_ssb2];
go
--set master key
create master key
encryption by password = 'hellodb2';
go
create certificate DlgCertServ2Db2
with subject = 'DlgCertServ2Db2',
start_date = '06/01/2005'
active for begin_dialog = on;
go
--make sure the cert exist
select * from sys.certificates;
go
BACKUP CERTIFICATE DlgCertServ2Db2
TO FILE = 'c:amitOfficialService Brokercerts2DlgCertServ2Db2Pub.cer';
go
create user remdlguser2
without login;
go
--copy in the public cert from server 1 to somewhere on this server
--create a certificate from the public cert from server 1
create certificate DlgCertServ1Db1Pub
authorization remdlguser2
from file = 'c:amitOfficialService Brokercerts2DlgCertServ1Db1Pub.cer';
use [rem_ssb2];
go
-- we need two message types
CREATE MESSAGE TYPE [sendmsg]
VALIDATION = WELL_FORMED_XML;
CREATE MESSAGE TYPE [recmsg]
VALIDATION = WELL_FORMED_XML;
go
--create the message contract
--and define who sends what
CREATE CONTRACT [Ctract]
(
[sendmsg]
sent by initiator,
[recmsg]
sent by target
);
go
--create the queue, at this stage we do not care
--about activation
CREATE QUEUE q2
with status = ON;
go
--we need a service
CREATE SERVICE [rem_s2]
on queue q2
(
[Ctract]
);
go
--create a route to the remote service, we know it'll be called rem_s1
create route [rem_s1_route]
with
service_name = 'rem_s1',
--broker_instance = 'D8EE8A81-F1B0-46B3-BBEB-70F19EF59083',
address = 'TCP://127.0.0.1:4021';
go
--as we'll be doing encrypted dialogs we need a remote service binding
--and the user is the user we created in the 2_setup_objects_server2_db.sql scripts
CREATE REMOTE SERVICE BINDING [myRms]
TO SERVICE 'rem_s1'
WITH USER = remdlguser2,
ANONYMOUS=Off
go
--give the user send rights on the service
grant send on service::rem_s2 to remdlguser2;
go
SELECT * from q2;
RECEIVER 2:
use [master];
go
--make sure master had master key
create master key encryption by password = 'masterhello2';
go
create certificate TrpCertServ3
with subject = 'Transport Certificate for Server3',
start_date = '06/01/2005';
go
--make sure the cert exist
select * from sys.certificates;
go
BACKUP CERTIFICATE TrpCertServ3
TO FILE = 'c:amitOfficialService Brokercerts3TrpCertServ3Pub.cer';
go
--you need to create an endpoint in order to enable communication
--outside of this instance
CREATE ENDPOINT SSB3
STATE = STARTED
AS TCP
(
LISTENER_PORT = 4023
)
FOR SERVICE_BROKER
(
AUTHENTICATION = CERTIFICATE TrpCertServ3,
ENCRYPTION = REQUIRED
);
go
--check that the endpoint has been created
select * from sys.endpoints;
go
--create a login and a user which you eventually will assign a public
--key from the cert in the remote master db to
create login remconnlogin3
with password = 'pass1234$';
go
create user remconnuser3
from login remconnlogin3;
go
--grant connect on the endpoint to the login
grant connect on endpoint::SSB3 to remconnlogin3
go
--copy in the public cert from server 1 to somewhere on this server
--create a certificate from the public cert from server 1
create certificate TrpCertServ1Pub
authorization remconnuser3
from file = 'c:amitOfficialService Brokercerts3TrpCertServ1Pub.cer';
use master;
go
--create the database
create database [rem_ssb3];
go
use [rem_ssb3];
go
--set master key
create master key
encryption by password = 'hellodb3';
go
create certificate DlgCertServ3Db3
with subject = 'DlgCertServ3Db3',
start_date = '06/01/2005'
active for begin_dialog = on;
go
--make sure the cert exist
select * from sys.certificates;
go
BACKUP CERTIFICATE DlgCertServ3Db3
TO FILE = 'c:amitOfficialService Brokercerts3DlgCertServ3Db3Pub.cer';
go
--create a user which you eventually will assign a public
--key from the cert in the remote db to
create user remdlguser3
without login;
go
--copy in the public cert from server 1 to somewhere on this server
--create a certificate from the public cert from server 1
create certificate DlgCertServ1Db1Pub
authorization remdlguser3
from file = 'c:amitOfficialService Brokercerts3DlgCertServ1Db1Pub.cer';
--create the message contract
--and define who sends what
CREATE CONTRACT [Ctract]
(
[sendmsg]
sent by initiator,
[recmsg]
sent by target
);
go
--create the queue, at this stage we do not care
--about activation
CREATE QUEUE q2
with status = ON;
go
--we need a service
CREATE SERVICE [rem_s2]
on queue q2
(
[Ctract]
);
go
--create a route to the remote service, we know it'll be called rem_s1
create route [rem_s1_route]
with
service_name = 'rem_s1',
--broker_instance = 'D8EE8A81-F1B0-46B3-BBEB-70F19EF59083',
address = 'TCP://127.0.0.1:4021';
go
--as we'll be doing encrypted dialogs we need a remote service binding
--and the user is the user we created in the 2_setup_objects_server2_db.sql scripts
CREATE REMOTE SERVICE BINDING [myRms]
TO SERVICE 'rem_s1'
WITH USER = remdlguser3,
ANONYMOUS=Off
go
--give the user send rights on the service
grant send on service::rem_s2 to remdlguser3;
go
select * from q2
View 7 Replies
View Related
Nov 19, 2015
We are unable to login in database due to “The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x80090331. Check certificates to make sure they are valid. Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.”we have tried to run that selfssl.exe from command prompt followed by below command and am getting the cryptographic error.
View 3 Replies
View Related
Jun 29, 2007
Hi, We are trying to implement Service Broker between SQL Server Express and SQL Server on the Same machine and we are having problems with certificates. We are creating a certificate on SQL Server, backing up the certificate on a file system and then loading certificate on the SQL Server Express from the file and we are keep getting the following error: Msg 15208, Level 16, State 1, Line 1 The certificate, asymmetric key, or private key file does not exist or has invalid format.
Following script runs fine on SQL Server.
Code Snippet
use master
Create Master Key Encryption BY Password = '45Gme*3^&fwu';
BACKUP MASTER KEY TO FILE = 'C:ServiceBrokerPrivateKeyMasterB.pvk'
ENCRYPTION BY PASSWORD = '45Gme*3^&fwu'
Create Certificate EndPointCertificateC
WITH Subject = 'C.Server.Local',
START_DATE = '06/01/2006',
EXPIRY_DATE = '01/01/2008'
ACTIVE FOR BEGIN_DIALOG = ON;
BACKUP CERTIFICATE EndPointCertificateC
TO FILE = 'C:ServiceBrokerEndPointCertificateC.cer'
Following script runs on SQL Server Express:
Code Snippet
Create Certificate EndPointCertificateC
From FILE = 'C:ServiceBrokerEndPointCertificateC.cer'
WITH PRIVATE KEY (
FILE = 'C:ServiceBrokerPrivateKeyMasterB.pvk',
DECRYPTION BY PASSWORD = '45Gme*3^&fwu'
);
If we run the script other way around, it works fine. If we use the SQL Server on some other machine, the script works fine. But only on the same machine, it throws this error. We made sure the permissions and everything. Let us know if there is any work around or what are we doing wrong.
Any help is appreciated. Thank you,
View 4 Replies
View Related
Mar 6, 2007
Hi
I am trying to setup service broker by following the article on http://support.microsoft.com/default.aspx/kb/915852
The script ran without error, but when I try to send a message, I get the following in the trace Audit Broker Conversation and the message is not delivered.
The certificate's private key cannot be found
This message could not be delivered because the security context could not be retrieved.
Does anyone know what I did wrong, is it the Certficate in the Master Database or the Target Database
thanks
Paul
View 1 Replies
View Related
Sep 26, 2005
i'm trying to make private messages like the one in this site, i didnt start programming yet, the problem is in the DB schema, i have 3 tables (Users, Messages, MessageDetails) i think the problem that the UserID is related to the other two Tables, so to know the sender and reciever, when i try to view all messages for specific user and show all users who sent it, it give nothing back, so any help in the DB, thanx 4 help.
View 13 Replies
View Related
Mar 22, 2000
One of our clients controls data for about 150 companies. Each company has the same schema and is running SQL Server 7. The maintenence task is horrible. He would like to put all the data in one large database, but needs to control the access, so a user at one company selecting data in a table cannot have access to another company's data in the same table. I thought about using views for each company but that is 150 companies times 100 tables. With Oracle8i you can make virtual private databases. Can this be done in SQL Server 7? Thanks in advance
View 1 Replies
View Related
Aug 30, 2005
Web server: win2003 server with iis6DB: sql server 2000I have 50+ remote offices running an Access 2002 app which connectsdirectly to sql server at a 3rd party hosting company, in part using anodbc connection on the workstation.We recently moved our database (and our web site) in-house. The newdatabase is inside the firewall but outside the dmz, where it livesalong side the company's most sensitive databases. IT's policy won'tallow us to connect directly from the internet. I'm trying to avoidbuying another copy of sql server for the Access app, which I one dayhope to drop anyway in favor ofThe web server uses port 1433 to talk to the database. I was wonderingif there is a simple way to route requests from the Access app throughthe web server.Thanks,Bob
View 9 Replies
View Related
Feb 2, 2007
I have a couple of questions on the nature of shared and private deployment of SQL Server CE 2005 on mobile devices:
1. I've read that with a shared install, SQL Server 2005 Compact Edition files are automatically updated and serviced by Microsoft Update. I take it that this only applies to installations on desktop computers -- if you're installing on mobile devices, there IS no automatic update. Right?
2. I've also read that in order to do a shared install of SQL Server 2005 CE, the user must have administrative rights. How does this apply to installs on a mobile device? There is no such thing as an administrative user on a mobile device. However, mobile devices CAN require different levels of privilege to install certain programs -- do you need something like an application signed for privileged execution (via a M2M certificate) in order to do a shared install of SQL Server 2005 CE on a mobile device?
Or is the shared versus private deployment only an issue when deploying to a desktop?
Larry
View 4 Replies
View Related
Apr 20, 2007
MSDN has examples of deploying SQLCE privately for C# and VB.NET, but that doesn't seem to translate to C++. A .NET application just loads the assembly it needs from the local directory, but from what I can tell I need to use the OLE DB driver to use SQL CE in C++. The problem is that the OLE DB driver is a COM object that (presumably) needs to be registered.
Has anyone successfully used SQLCE from C++ without registering any COM objects? I'm thinking the only way to do that would be to call DllGetObject() on the DLL and get the object manually, but I've never done this so I'd hate to waste the time if there's an easier way, or if this won't work.
View 7 Replies
View Related
Apr 7, 2006
Is there any harm in defining a SqlConnection as a private class variable for a web page?Private SqlConnection cn = new SqlConnectection(ConfigurationManager.ConnectionStrings["MyString"].ConectionString);The connection is only opened in certain event handlers, and is closed right after use. It was always my understanding that creating the connection is not a big deal but opening the connection is. Is that correct?
View 1 Replies
View Related
May 12, 2007
I'm working on a VB.Net 2005 application that uses SQLCE as a backend database.
Following the instructions on how to do a private installation (http://msdn2.microsoft.com/en-us/library/bb219482.aspx) so that admin rights were not needed, I successfully got it working as a ClickOnce deployment. But today during a demo for a client, they ran into this error while installing the latest version from our publishing URL:
"Unable to install or run the application. Application requires that assembly System.Data.SQLServerCe version 9.0.42 .... must be installed in the Global Assembly Cache."
Basically it's saying the user isn't an admin so they can't install. This is the problem I went to great lengths to try to avoid, and is the reason we are using SQL CE in the first place: admin rights are not required to install our application's database. To our knowledge, SQL CE is the only Microsoft product that fits this scenario.
Now, I haven't changed anything in the publishing of the application to my knowledge, and when I check the project prerequisites, the SQLCE engine still isn't in there (as summarized at the above URL). Again following the instructions at the URL above for private installation, the required assemblies are still part of the project's files.
It must be something I did to cause this, but I have no memory of changing anything in regards to this part of the application. Our deadline is in 4 days and I cannot continue development until I get past this issue.
Where do I look to fix this problem? A little help would be greatly appreciated.
View 1 Replies
View Related
Jul 30, 2007
Here is what I am trying to do. I want to create a private / public key pair (either a certificate or asymmetric key) and be able to give the public key to my business contacts. They would then use the public key to encrypt data to be sent to me and then I could import that data into my SQL 2005 database and use the private key to decrypt it.
It seems to me that this should be a pretty simple process, but it is not. The reason I want to do this is that the data they send to me on a regular basis is sensitive. Currently we use PGP, but then I have to decrypt the data and then import it and then reencrypt it. It would greatly simplify my process if I could just import the data and use it.
So how can I do this. Most of the posts I read say that asymmetric keys are avaiable in SQL2005 but not recommended for use. I don't want my business contacts to be able to decrypt any of my data (if they got access to the database) just encrypt.
Any recommendations???
Thanks!
Jim Youmans
St Louis, Missouri
View 5 Replies
View Related
Jan 25, 2008
Folks- By reading all the results I got from doing a search on "private install" in this forum, I thought this must be as easy as:
1. Copying the seven DLL's comprising the engine to my application's install dir on the deployment machine. If my app is installed at C:MyApp then CE dll's would go into C:MyApp, thats where my WinMain'd exe is residing.
2. RegSvr32 on sqlceca35.dll, sqlceoledb35.dll
Since I'm using native C++/OLE DB, I don't think I'd need to care about System.Data.SqlServerCe.dll
However my app which is basically the NorthWnd sample is failing on CoCreateInstance(CLSID_SQLSERVERCE_3_0............)
Which means oledb provider not registered on the machine? am I correct?
I watched Steve Lasker's video, even though the private install covers managed code, but I thought I should be doing something very similar, apparently I'm missing something.
I'll appreciate any help.
P.S., The 7 dll's above I mentioned are:
sqlceca35.dll
sqlcecompact35.dll
sqlceer35EN.dll
sqlceme35.dll
sqlceoledb35.dll
sqlceqp35.dll
sqlcese35.dll
View 3 Replies
View Related
May 1, 2007
I've got a package which reads a text file into a table and updates another. I set up configurations so that I could import it into the SSIS store on both my dev and live servers. Now, I'm getting this error. I tried removing the configs and am still getting it.
I've been through each step and everything looks okay. Does anyone have any idea (a) what's wrong, (b) how to localise the error or (c) get any additional information? Or do I just have to recreate the package from scratch?
TITLE: Package Validation Error
------------------------------
Package Validation Error
------------------------------
ADDITIONAL INFORMATION:
Error at PartnerLinkFlatFileImporter: The connection "" is not found. This error is thrown by Connections collection when the specific connection element is not found.
Error at PartnerLinkFlatFileImporter [Log provider "SSIS log provider for SQL Server"]: The connection manager "" is not found. A component failed to find the connection manager in the Connections collection.
(Microsoft.DataTransformationServices.VsIntegration)
------------------------------
BUTTONS:
OK
------------------------------
View 20 Replies
View Related
Jul 16, 2007
Hi Guys, I've got a bit stuck trying to decide on a table structure for a private message like part of a site I'm building (I'm using SqlServer 2000, not that it really matters).at first I was going to use a single table with the following schema: MessageId intReplyToMessageId int (nullable)FromUserId uniqueidentifier (I'm using .net membership)ToUserId uniqueidentifier IsRead bitIsDeleted bitSubject nchar(50)Body nvarchar(1000) DateCreated datetimeDateUpdated datetimeCreatedBy uniqueidentifierModifiedBy uniqueidentifier What strikes me here is that I'm using alot of guids (which are huge) and if I'm going to be threading the messages (which I am) there's no easy way to return an ordered list of messages that are replies to each other. So then I thought about introducting a messageThreads table, but I can't think of anything to store there apart from a threadid (which seems to defeat the purpose)Any ideas? I can clarify more if necessary. Thanks
View 6 Replies
View Related
Jun 16, 2007
SQL 2005 Standard x64 Service Pack 2
Windows 2003 R2 X64 service pack 2
The principle, partner and witnesss have two NICs each (NIC1 and NIC2). I want them to communicate in NIC2 for sending logs and establishing quorum. This will happen in their own private network (say 192.168.1.0/24). The NIC1 in each server will be available for client communication. The domain and clients are in the network (say 10.1.1.0/24).
I am using the same domain account as SQL server service account in all three servers.
How can I do this?
Thanks
View 1 Replies
View Related
Apr 13, 2007
I'm having a great deal of difficultyconnecting to SQL 2005 sp1 during the running of the deployment tool on the FE.. The error message indicates that I have to install the Backward compatible tool on the FE... Did that and upgraded SQL to SP1... Still a no-workie..Exactly what SQLs are compatible with the Public version of OCS... It worked fine with the Private version and SQL2005...
View 2 Replies
View Related
Mar 18, 2007
I've just bought a Virtual Private Server Account because I want to host a number of different ASP.NET sites, each backed by their own SQL database. I've downloaded SQLEXPRE.EXE and SQLServer2005_SSMEE-x64.msi to the server and installed the database engine and Management Studio Express on the VPS.
My problem is that I cannot access the SQLEXPRESS on my server from my local machine. The Management Studio Express cannot get logged in. I've used "Surface Area Configuration Manager" to allow "Local and remote connections" using TCP/IP only. I've used SQL Server Configuration Manager" to enable the TCP/IP protocol. After making these changes I've stopped and started the SQL server - and even rebooted the machine. I've created a login "Remote User" for this access. I've added sqlservr.exe as an exception to the firewall.
What else do I need to do? Is there a simpleton's guide to completing this task?
View 1 Replies
View Related
Mar 23, 2007
Hi, I am using express database and tools. I have an aspnetdb express database because I am using the login controls, personalisation...Can I use this database for my private tables also? Or do I need a separate express database for my private tables? Will using aspnetdb database, which contains special asp.net tables, for my private website tables create any kinds of problems in using my website? I want to use a single express database for my website, not two different express databases.
Regards, Sandy
View 1 Replies
View Related
Jun 3, 2015
We are planning to encrypt few fields using asymmetric encryption. Tyring share public key with users and retain private key with us. How to generate keys? Haven't found any solid document on how to generate these keys.
View 0 Replies
View Related
Oct 15, 2006
I am trying to create an assembly object when a report is initialized and I am getting the error:
[rsCompilerErrorInExpression] The BackgroundColor expression for the textbox 'textbox2' contains an error: [BC30390] 'ReportExprHostImpl.CustomCodeProxy.X' is not accessible in this context because it is 'Private'
In the Code tab, I have:
Dim X As namespace.classname
Protected Overrides Sub OnInit()
X = new namespace.classname()
End Sub
In my color field, I have "=code.X.color"
If I replace the color field with "=namespace.classname.color" and have color be a shared property, then it works. However, I ultimately need the color to be based on individual user settings, so I cannot use the shared property approach.
Any ideas on how to get around this "because it is private" error?
FYI, I am trying to replicate the concept of themes using report formatting information pulled from a database.
View 2 Replies
View Related
Mar 23, 2015
I am trying to convert a certificate that was exported from our database server to be used by SQL Server for database encryption. When I run the PVKConverter, not Private Key File (PVK) is generated.The certificate has Server and Client Authentication as the purposes of the certificate.
What purpose or purposes does the certificate need in order to be able to be used by SQL Server 2012 SP2?Why doesn't the PVKConverter generate a private key file?I can use the command makecerts to generate a self signed certificate and have it work with SQL Server database encryption.
View 6 Replies
View Related
Jul 13, 2007
Hi all,
I have some doubt about the IP Required for configuring cluster(both Window and SQL server)
Details :
----------
How Many IP(Public & Private) Required for 2 Node Active/Passive both window and SQL server Cluster ?
IP(Public & Private) Required :
---------------------------------------
1 : For Window Clustering : 2 node Active/Passive Cluster ? How many ip ?
2 : For Sql Server Clustering : 2 node Active/Passive Cluster ?how many ip ?
3 : Is there any mathematics for that ? How to analyse the IP requirement ?
Thanks
View 2 Replies
View Related
Jun 19, 2015
I'm trying to implement a SSAS Project in a Virtual Machine using a private network. When I try to deploy the solution the program gives me the following error:
I already have a Windows Authentication but still gives me that error.
View 3 Replies
View Related
Apr 4, 2006
Hi
I am looking at documentation of CREATE CERTIFICATE statement. I am having hard time in understanding if I want to create CERTIFICATE with above mentioned options, how I am supposed to create either PRIVATE KEY file or EXECUTABLE file. any example would be really helpful for what I am doing here.
thanks
Satya
View 1 Replies
View Related
Dec 18, 2007
I'm green on this networking stuff so any help is greatly appreciated.
I have setup my home computer as a server and assigned a static IP to it. I installed SQL Server 2005 Developer and allowed remote connections to it through the Surface Area Config tool, added port 1433 TCP and 1434 UDP to firewall's exception list, and started the SQL Server Browser service.
Now I can't seem to remote connect to this SQL Server from my office network. Is there something I'm doing wrong here?
Thanks!!
View 3 Replies
View Related
Mar 4, 2008
Hello all,
can ayone tell me which exam i have to pass to get sql 2005 certificate andi n which site or link will get more information.
would be appreciated .
thanks folks.
View 2 Replies
View Related
