
I recently had a need to add certificates to SQL Servers throughout an organization. There were quite a few servers to update and the certificates would need to be generated using a given format. This would include some descriptors for the names, IPv4 address, and ensuring that SQL Server would see the certificate when finished. I realized this would need some sort of script, so I reached for PowerShell and the dbatools module. There’s a function in dbatools that supports setting the SQL Server Certificate and I knew that would be useful.

But first, I had to generate the certificate itself. I read up on this in PowerShell and there’s no “easy” button for creating a certificate at this time, especially not when you need to add extra properties. Posts such as this one helped me get started. It works by creating an INF file, then shelling out to “certreq.exe” to generate the CSR file needed to obtain a certificate from a certificate authority. We needed to use the DNS name, the FQDN, and the IPv4 address as part of our certificate request, so I had to adjust my code to handle that.

Let’s start with getting the IPv4 address. I had to filter out the “home” address and ignore any IPv6 addresses, so I used this:

Now that I’ve generated a Certificate Request, I need to get the actual certificate, then upload it back to the server, import that certificate to the appropriate location in the certificate store, and assign it to SQL Server. In order for SQL to use that certificate, the services have to be restarted.
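The INF-then-certreq.exe flow described above, as an added example that is not the author's original script: it collects the short name, the FQDN and the first non-loopback IPv4 address and writes them as Subject Alternative Name entries in the request. The output folder, key length, provider and the non-exportable key setting are assumptions chosen for illustration.

```powershell
# Added example: build a certreq INF with DNS, FQDN and IPv4 SAN entries, then create the CSR.
# Assumed values (not from the original post): $outDir, KeyLength, ProviderName, Exportable.
$outDir = 'C:\Temp\CertRequest'
$short  = $env:COMPUTERNAME
$fqdn   = [System.Net.Dns]::GetHostEntry($short).HostName

# IPv4 only: skip the loopback ("home") address and every IPv6 address.
$ipv4 = [System.Net.Dns]::GetHostAddresses($short) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' -and
                   -not [System.Net.IPAddress]::IsLoopback($_) } |
    ForEach-Object { $_.ToString() } |
    Select-Object -First 1
if (-not $ipv4) { throw "No non-loopback IPv4 address found for $short" }

# KeySpec = 1 (key exchange) and the Server Authentication EKU are what SQL Server
# expects of a TLS certificate; MachineKeySet puts the key in the computer store.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeySpec = 1
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$short&"
_continue_ = "dns=$fqdn&"
_continue_ = "ipaddress=$ipv4&"
"@

New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$infPath = Join-Path $outDir "$short.inf"
$csrPath = Join-Path $outDir "$short.csr"
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# certreq -new generates the key pair locally and writes the PKCS#10 request file.
& certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq.exe failed with exit code $LASTEXITCODE" }
```

The private key stays on the server that ran the request; only the `.csr` file goes to the certificate authority. Before submitting it, `certutil -dump` on the `.csr` shows whether all three SAN entries made it into the request.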
