Why not do it all at the network level using IPSec - VPN?

If the data is going through a firewall this is probably easier to administer and is less hassle in the long run. It also ensures that all data to and from the server is encrypted, not just the information to and from the db. Talk to your network guys and see what they can do for you.

Witango Support


On 10/12/2003, at 10:49 AM, Scott Cadillac wrote:


Yes, but what about when

Witango (ODBC <---(via SSL)---> SQL Server??

I think this article is saying to just set the "Force protocol encryption"
property in the "Server Network Utility" and the "Client Network Utility"
and you're done (or something like that).


http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT19.asp?frame=true


Hope this helps. Cheers....

-----Original Message-----
From: Ben Johansen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 4:33 PM
To: [EMAIL PROTECTED]
Subject: RE: Witango-Talk: OT: Looking for help - Certificates and SQL

Whoa here ;-)

HTTPS is for SSL com to IIS on port 443
SQL talks on port 1433 to ODBC


Browser(https) <--> IIS(SSL) port 443


Witango (ODBC <--> SQL Odbc Driver port 1433

Ben Johansen - http://www.pcforge.com
Authorized Witango & MDaemon Reseller
Available for Witango Development


-----Original Message-----
From: Scott Cadillac [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 3:21 PM
To: [EMAIL PROTECTED]
Subject: RE: Witango-Talk: OT: Looking for help - Certificates and SQL

Hi Jamileh,

Maybe that's the trick to get this working.

In IIS when SSL is installed, HTTPS listens on port 443 instead of the
default 80.

Maybe when SSL is installed with SQL Server, it doesn't listen on the
default port 1433 anymore - maybe it's just listening on a different
port?

Maybe Enterprise Manager and the other SQL Client components just have
to be configured for the different port?

In the SQL Server Client Network Utility, you can configure different
ports for the default and there is a flag to "Force protocol encryption"

Hope this helps. Cheers......

Scott Cadillac,
Witango.org - http://witango.org
403-281-6090 - [EMAIL PROTECTED]
--
Information for the Witango Developer Community
---------------------

XML-Extranet - http://xmlx.ca
403-281-6090 - [EMAIL PROTECTED]
--
Well-formed Development (for hire)
---------------------


-----Original Message-----
From: Wilcox, Jamileh (HSC) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 4:10 PM
To: [EMAIL PROTECTED]
Subject: RE: Witango-Talk: OT: Looking for help - Certificates and SQL

Dunno, I'll have to ask. I hadn't even gotten as far as trying to set up any https files, and hadn't installed certs on IIS yet. We were just trying to get the boxes to talk over the default SQL port.

-----Original Message-----
From: Jeff Bohmer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 4:59 PM
To: [EMAIL PROTECTED]
Subject: Re: Witango-Talk: OT: Looking for help - Certificates and SQL



A quick thought: do you have port 443 open to your web server(s) on
any firewalls and in W2K network config?

- Jeff


OK, we have need to secure our internal communications between servers.

Plan: set up inhouse Certificate Authority, and use those certificates
to encrypt communications between IIS and MSSQL servers. The ultimate
goal is to have encrypted Witango websites available via the internet,
securely accessing restricted SQL databases behind our firewall. We're
talking serious federal regs here; we've got to be sure the data
remains protected.

We've set up a CA on our intranet webserver and added certificates to
two test servers (IIS5 & MS-SQL2000, both on W2K). The CA seems to be
working OK, and certs seem to install on the servers. However,
whenever we force encryption on the SQL server, we can't access it at
all - not from the web, not from Enterprise Manager, nada. (The data
was very safe, however. ;^D)

No one here has ever done either of these things (inhouse CA or SQL
using certs), so we've no clue where the problem is. I'm pushing to
get some help on this.

If anyone on the list is interested in consulting on this, please send
me an email. I'm not making the decisions, and we're notoriously slow
to spend money, so don't count on anything happening soon or at all.
But if I can send some business to one of y'all rather than M$, I'd
rather.

Thanks! j


________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf

--


Jeff Bohmer
VisionLink, Inc.
_________________________________
303.402.0170
www.visionlink.org
_________________________________
People. Tools. Change. Community.