Difference between revisions of "Setup SSL Certificate for MSSQL"

From DevOps Notebook
(Created page with "1. Generate certificate on windows server <pre> New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN" -DnsName "$env:COMPU...")
 
Line 1: Line 1:
 
1. Generate certificate on windows server
 
1. Generate certificate on windows server
<pre>
+
<syntaxhighlight lang="PowerShell">
 
New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN" -DnsName "$env:COMPUTERNAME.$env:USERDNSDOMAIN",'localhost.' -KeyAlgorithm "RSA" -KeyLength 2048 -Hash "SHA256" -TextExtension "2.5.29.37={text}1.3.6.1.5.5.7.3.1" -NotAfter (Get-Date).AddMonths(120) -KeySpec KeyExchange -Provider "Microsoft RSA SChannel Cryptographic Provider"
 
New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN" -DnsName "$env:COMPUTERNAME.$env:USERDNSDOMAIN",'localhost.' -KeyAlgorithm "RSA" -KeyLength 2048 -Hash "SHA256" -TextExtension "2.5.29.37={text}1.3.6.1.5.5.7.3.1" -NotAfter (Get-Date).AddMonths(120) -KeySpec KeyExchange -Provider "Microsoft RSA SChannel Cryptographic Provider"
</pre>
+
</syntaxhighlight>
 
 
 
2. Check user that runs MSSQL from Services and add permissions to '''certlm.msc''' ''/ Personal / Certificates / <newcert> / Manage Private Keys'' <br>
 
2. Check user that runs MSSQL from Services and add permissions to '''certlm.msc''' ''/ Personal / Certificates / <newcert> / Manage Private Keys'' <br>
 
<br>
 
<br>

Revision as of 10:37, 31 January 2023

1. Generate certificate on windows server

New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=$env:COMPUTERNAME.$env:USERDNSDOMAIN" -DnsName "$env:COMPUTERNAME.$env:USERDNSDOMAIN",'localhost.' -KeyAlgorithm "RSA" -KeyLength 2048 -Hash "SHA256" -TextExtension "2.5.29.37={text}1.3.6.1.5.5.7.3.1" -NotAfter (Get-Date).AddMonths(120) -KeySpec KeyExchange -Provider "Microsoft RSA SChannel Cryptographic Provider"

2. Check user that runs MSSQL from Services and add permissions to certlm.msc / Personal / Certificates / <newcert> / Manage Private Keys

3. Go to Sql Server Configuration Manager and under SQL Server Network Configuration / Protocols for MSSQLSERVER add Certificate
4. Restart MSSQL service