Hello,

I created an SSL certificate using OpenSSL for my Microsoft WebServer 2003,
IIS 6.0. I am able to install and use it on the client and the server side
as well. Now I want to use it for my MSSQL Server express 2008 R2, but it
does not appear in the certificate list of the MSSQL server configuration
manager. I tried a lot of the hints on the internet, but none of them
worked. I also found a list of prerequisites on the MS server, but I am not
sure how to understand it:

1) The certificate must be in either local machine or current 
   user certificate store. 
2) The certificate must have a good time stamp, i.e. the current 
   system time must be in the valid time window of the certificate. 
3) The certificate must be meant for Server Authentication, i.e. 
   the certificate's Enhanced Key Usage property has to be turned 
   on for Server Authentication (1.3.6.1.5.5.7.3.1).
4) The certificate’s key spec must include AT_KEYEXCHANGE property. 
   Usually, the certificate's key usage should include Key 
   Encipherment.
5) The certificate’s subject CN must match the FQDN of the server 
   machine, or the FQDN of the virtual server if the server runs 
   on failover cluster.  This implies that required certificates 
   must be provisioned on all nodes in the failover cluster. 

Items 1, 2 and 3 are established. Item 4 is default as far as I was able to
read. Item 5 is also true: the CN matches the FQDN.


Can anybody help me?

The following steps are performed by me for creating the certificate:

set home=c:\openSSL\bin
set randfile=File.rnd
openssl genrsa -des3 -out firma-private.key 2048
openssl req -new -config 2.config -key firma-private.key -x509 -days 3065 -out firma-ca.cer
openssl x509 -req -days 3065 -in certreq.txt -CA firma-ca.cer -CAkey firma-private.key -CAcreateserial -out extern-server.cer


content of 2.config:

[ req ]
default_bits       = 2048
distinguished_name = req_DN
string_mask        = nombstr

[ req_DN ]
countryName                     = DE
countryName_default             = DE
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = N........ W........
stateOrProvinceName_default     = N........ W........
localityName                    = W........
localityName_default            = W........
0.organizationName              = S.....-C......
0.organizationName_default      = S.....-C......
organizationalUnitName          = Software
organizationalUnitName_default  = Software
commonName                      = s.....-c.......dyndns.org
commonName_max                  = 64
commonName_default              = s.....-........dyndns.org
emailAddress                    = i...@s.....-c.......de
emailAddress_max                = 40
emailAddress_default            = i...@s.....-c.......de

Thanks in advance,

Andree
-- 
View this message in context: 
http://old.nabble.com/OpenSSL-for-MSSQL-tp31833348p31833348.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
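
As an added example (not part of the original post and not OpenSSL project code), the script below checks a PEM certificate against items 2 to 5 of the prerequisite list quoted in the post, using only the openssl command line. The host name sql01.example.test, the file names and the two helper function names are constructed for illustration; item 1 and the AT_KEYEXCHANGE key spec are properties of the Windows certificate store and private key, not of the certificate file, so they are not checked here.

```shell
#!/bin/sh
# Added example: check a PEM certificate against prerequisites 2-5 quoted above.
# Host name, file names and function names are constructed sample values.

# check_prereqs CERT FQDN: prints one line per failed item, returns 0 if none fail.
check_prereqs() {
    cert=$1; want=$(printf '%s' "$2" | tr 'A-Z' 'a-z'); fail=0
    text=$(openssl x509 -in "$cert" -noout -text) || { echo "unreadable"; return 2; }
    # Item 2: -checkend 0 only proves "not expired"; notBefore is not tested here.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "2: certificate has expired"; fail=1; }
    # Item 3: EKU must list Server Authentication (1.3.6.1.5.5.7.3.1).
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
        { echo "3: no Server Authentication EKU"; fail=1; }
    # Item 4 (certificate part): key usage should include Key Encipherment.
    printf '%s\n' "$text" | grep -q 'Key Encipherment' ||
        { echo "4: no Key Encipherment key usage"; fail=1; }
    # Item 5: subject CN must equal the server FQDN (compared case-insensitively).
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
         sed -n 's/.*CN=\([^,]*\).*/\1/p' | tr 'A-Z' 'a-z')
    [ "$cn" = "$want" ] || { echo "5: CN '$cn' does not match '$want'"; fail=1; }
    return $fail
}

# make_sample_cert OUT FQDN [EXT_SECTION]: self-signed throwaway certificate.
# Without EXT_SECTION no key usage / EKU extensions are requested.
make_sample_cert() {
    cfg=$(mktemp) || return 1
    printf '[req]\ndistinguished_name = dn\n[dn]\nCN = unused\n[srv]\n%s\n%s\n' \
        'keyUsage = digitalSignature, keyEncipherment' \
        'extendedKeyUsage = serverAuth' >"$cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$cfg" \
        -subj "/CN=$2" -keyout "$1.key" -out "$1" ${3:+-extensions "$3"} 2>/dev/null
    rc=$?; rm -f "$cfg"; return $rc
}

# Demo on constructed input: one certificate without extensions, one with them.
demo=$(mktemp -d) && {
    make_sample_cert "$demo/plain.pem" sql01.example.test
    make_sample_cert "$demo/srv.pem" sql01.example.test srv
    echo "plain.pem:"; check_prereqs "$demo/plain.pem" sql01.example.test || true
    echo "srv.pem:";   check_prereqs "$demo/srv.pem" sql01.example.test && echo "all checks pass"
    rm -rf "$demo"
}
```

To check a real certificate, convert it to PEM if needed and call `check_prereqs extern-server.cer <server FQDN>`.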
