6

Does it matter? We buy our certificates from Thawte, and I don't see a special type of certificate for SQL Server as opposed to a certificate you'd buy for a web server.

Please be gentle with me if this is a dumb question. I'm a developer, not a server specialist.

David Stratton
  • 453
  • 2
  • 10

2 Answers2

2

I assume you mean the certificate used to encrypt TDS connections (ie. T-SQL connections), as opposed to the certificates used to encrypt DBM or SSB connections.

On TDS connections the client will validate the certificate to be trusted and to have an Issued To property matching the connection computer name. In order to be valid the certificate has to be signed by an authority that is trusted by the client. That means either:

  • you use a PKI infrastructure that uses a corporate trusted key (ie. a Certificate Server)
  • use a certificate signed by an authority trusted by default, already in the root trust list, like Verisign or Thawte
  • use a self signed certificate and install the certificate in every client machine

See How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console

Remus Rusanu
  • 8,283
  • 1
  • 21
  • 23
  • 1
    @Remus Rusanu... Thank you, You assume right, and the link you posted is where we got our information from. My question wasn't as clear as I needed it to be, I guess. In your bulleted list, we are going with option 2. My question, specifically, is "Is there a special type of certificate used for this application, or do we just use a standard SSL certificate, such as we would use for a web server? – David Stratton Mar 29 '10 at 15:04
  • For example, I know that Thawte sells SSL Certs for providing SSL on a web server, and also code signing certs. I also found a type for securing your email, which is a different type: http://www.thawte.com/resources/personal-email-certificates/index.html?click=DoYouNeedTo-SecureMail. Is there another type for securing a SQL Server, etc? – David Stratton Mar 29 '10 at 15:41
  • I'll give you a +1 for accuracy, even though it didn't answer the question. – David Stratton Mar 29 '10 at 15:45
  • SQL Server uses SChannel SSPI to establish an encrypted channel. In other words, it *actually uses SSL*. By all means, an SSL cert used for HTTPS/IIS should be usable by SQL Server as well, as it is the same SSPI provider that will gets used. That being said, I have never actually tried a Thawte cert myself (I'm not an operational kind of person). – Remus Rusanu Mar 30 '10 at 01:42
2

Never mind. I found the answer on this page: http://www.thawte.com/resources/ssl-information-center/ssl-beyond-ecommerce/index.html

in the Server to Server Communications section.

The answer is "No, there is not a different type of SSL certificate. You would use the same type of SSL Certificate you would use on a web server."

Sorry to have bothered you. I should have searched harder.

David Stratton
  • 453
  • 2
  • 10