Due to some restrictions, we have to run the service as LocalSystem. I have generated a certificate and placed it in the following stores:

- Certificates (Local Computer)
- Certificates - Service (SQL Server (MSSQLSERVER))
- Certificates - Service (SQL Server (MSSQLSERVER))
- Certificates - Current User

I am a domain admin. Every time I go to SQL Server Configuration Manager -> SQL Server 2005 Network Configuration -> Protocols for MSSQLServer, right-click -> Properties -> Certificates, the drop-down has no certs listed!

According to this, I'm doing everything right. I tried running as a local admin as well, no dice.

unless the service is running as LocalSystem, NetworkService, or LocalService, in which case you may use an administrative account.

Any ideas?

A: 

Validate that your Certificate meets the requirements listed on the following KB Article:

After you successfully install the certificate, the certificate does not appear in the Certificate list on the Certificate tab.

Note: The Certificate tab is in the Protocols for Properties dialog box that is opened from SQL Server Configuration Manager.

This issue occurs because you may have installed an invalid certificate. If the certificate is invalid, it will not be listed on the Certificate tab. To determine whether the certificate that you installed is valid, follow these steps:

1. Open the Certificates snap-in. To do this, see step 1 in the "How to Configure the MMC Snap-in" section.
2. In the Certificates snap-in, expand Personal, and then expand Certificates.
3. In the right pane, locate the certificate that you installed.
4. Determine whether the certificate meets the following requirements:
   - In the right pane, the value in the Intended Purpose column for this certificate must be Server Authentication.
   - In the right pane, the value in the Issued To column must be the server name.
5. Double-click the certificate, and then determine whether the certificate meets the following requirements:
   - On the General tab, you receive the following message: You have a private key that corresponds to this certificate.
   - On the Details tab, the value for the Subject field must be server name.
   - The value for the Enhanced Key Usage field must be Server Authentication ().
   - On the Certification Path tab, the server name must appear under Certification path.

If any one of these requirements is not met, the certificate is invalid.

A bad certificate would be my next place to check for the symptoms that you list in your post.

Jonathan Kehayias
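
The checklist quoted in the answer can be run as a script instead of clicking through the snap-in. This is an added example, not part of the original answer or the KB article; it assumes the certificate sits in the local computer's Personal store, compares the subject CN against the machine's short name and FQDN, and uses `Verify()` as a stand-in for the Certification Path tab check.

```powershell
# Added example: evaluate every certificate in LocalMachine\My against the
# requirements listed in the KB text above.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (Server Authentication)

# Assumption: the "server name" is either the short host name or the FQDN.
$hostName = $env:COMPUTERNAME
$fqdn     = [System.Net.Dns]::GetHostEntry($hostName).HostName
$names    = @($hostName, $fqdn) | Sort-Object -Unique

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # "Issued To" / Subject: the common name of the certificate subject.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)

    # Collect the OIDs from the Enhanced Key Usage extension, if there is one.
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # One row per certificate; any False column means the certificate fails
    # that requirement and will not be offered on the Certificate tab.
    [pscustomobject]@{
        Thumbprint     = $cert.Thumbprint
        IssuedTo       = $cn
        NameMatches    = $names -contains $cn        # case-insensitive match
        HasPrivateKey  = $cert.HasPrivateKey
        ServerAuthEku  = $ekuOids -contains $serverAuthOid
        ChainValidates = $cert.Verify()              # basic chain validation
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the SQL Server host so the machine store and its private keys are readable.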