Tuesday, September 25, 2007

Configuring Certificate for MSX (Master/Target Server Environment)

The certificates allow the SQL Servers to utilize SSL (required for the master target environment) and also a much more secure way of protecting our SQL login information which is transmitted in clear text across the network from our internet facing servers. Enabling SSL allows us to better protect these logins because they would be encrypted."
1) Install Certificate. - Import .pfx file provided by operations onto the sql server.
#1.1 - double click pfx file to begin certificate import. wizard will confirm file name. click 'next' to confirm
#1.2 - provide private key password, click next
#1.3 - select 'place certificates in following store' , select 'personal' , OK
#1.4 - click next on confirmation page, 'hopefully recieve the message - 'the import was successful'

2) Associate the certificate with sql instance
#2.1 - start > run > regedit {enter]
#2.2 - Use Regedit to navigate the registry to >
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\\SQLServerAgent\

Set MsxEncryptChannelOptions(REG_DWORD) to 2


Useful Links

Troubleshooting MSX >
http://blogs.ameriteach.com/chris-randall/2007/8/23/sql-server-2005-troubleshooting-multi-server-administration-.html

setting encryption options on target servers >
http://msdn.microsoft.com/en-us/library/ms365379.aspx

configuring certificate for use by ssl (by mmc) >
http://support.microsoft.com/kb/316898

configuring certificate for use by ssl (commands) >
http://msdn.microsoft.com/en-us/library/ms186362.aspx

No comments: