Difference between revisions of "Setup SSL Certificate for MSSQL"
From DevOps Notebook
(Created page with "1. Generate certificate on windows server <pre> New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN" -DnsName "$env:COMPU...") |
|||
Line 1: | Line 1: | ||
1. Generate certificate on windows server | 1. Generate certificate on windows server | ||
− | < | + | <syntaxhighlight lang="PowerShell"> |
New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN" -DnsName "$env:COMPUTERNAME.$env:USERDNSDOMAIN",'localhost.' -KeyAlgorithm "RSA" -KeyLength 2048 -Hash "SHA256" -TextExtension "2.5.29.37={text}1.3.6.1.5.5.7.3.1" -NotAfter (Get-Date).AddMonths(120) -KeySpec KeyExchange -Provider "Microsoft RSA SChannel Cryptographic Provider" | New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN" -DnsName "$env:COMPUTERNAME.$env:USERDNSDOMAIN",'localhost.' -KeyAlgorithm "RSA" -KeyLength 2048 -Hash "SHA256" -TextExtension "2.5.29.37={text}1.3.6.1.5.5.7.3.1" -NotAfter (Get-Date).AddMonths(120) -KeySpec KeyExchange -Provider "Microsoft RSA SChannel Cryptographic Provider" | ||
− | </ | + | </syntaxhighlight> |
− | |||
2. Check user that runs MSSQL from Services and add permissions to '''certlm.msc''' ''/ Personal / Certificates / <newcert> / Manage Private Keys'' <br> | 2. Check user that runs MSSQL from Services and add permissions to '''certlm.msc''' ''/ Personal / Certificates / <newcert> / Manage Private Keys'' <br> | ||
<br> | <br> |
Revision as of 10:37, 31 January 2023
1. Generate certificate on windows server
New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN" -DnsName "$env:COMPUTERNAME.$env:USERDNSDOMAIN",'localhost.' -KeyAlgorithm "RSA" -KeyLength 2048 -Hash "SHA256" -TextExtension "2.5.29.37={text}1.3.6.1.5.5.7.3.1" -NotAfter (Get-Date).AddMonths(120) -KeySpec KeyExchange -Provider "Microsoft RSA SChannel Cryptographic Provider"
2. Check user that runs MSSQL from Services and add permissions to certlm.msc / Personal / Certificates / <newcert> / Manage Private Keys
3. Go to Sql Server Configuration Manager and under SQL Server Network Configuration / Protocols for MSSQLSERVER add Certificate
4. Restart MSSQL service