Configuration of client to enable trust, How to test your client connection – HP Systems Insight Manager User Manual


2. Certificate requirement:

For SQL Server to load an SSL certificate, the certificate must meet the following conditions:

a. The certificate must be in either the local computer certificate store or the current user's certificate store.

b. The current system time must be after the Valid from property of the certificate and before the Valid to property of the certificate.

c. The certificate must be meant for server authentication. This requires the Enhanced Key Usage property of the certificate to specify Server Authentication (1.3.6.1.5.5.7.3.1).

d. The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. If SQL Server is running on a failover cluster, the CN must match the host name or FQDN of the virtual server, and the certificates must be provisioned on all systems in the failover cluster.

e. SQL Server 2008 R2 and the SQL Server 2008 R2 Native Client support wildcard certificates. Other clients might not support wildcard certificates. For more information, see the client documentation and Microsoft Knowledge Base KB258858 at http://support.microsoft.com/kb/258858.
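The conditions above can be checked on the SQL Server host before SSL is enabled. The following PowerShell audit is an added example, not part of the HP manual; it assumes the certificate sits in the Personal (My) folder of either store, and that the "current user" is the account running the script, which may differ from the SQL Server service account.

```powershell
# Added example: audit certificates against conditions a-e listed above.
# Assumptions: Personal (My) folder; run on the SQL Server host.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'          # Server Authentication OID from condition c
$now      = Get-Date
$hostName = $env:COMPUTERNAME
$fqdn     = [System.Net.Dns]::GetHostEntry($hostName).HostName  # failover cluster: use the virtual server name instead

# Condition a: local computer store or current user's store.
$stores = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'

foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        # Condition b: system time is inside the Valid from / Valid to window.
        $timeOk = ($now -gt $cert.NotBefore) -and ($now -lt $cert.NotAfter)

        # Condition c: Enhanced Key Usage extension lists Server Authentication.
        $eku = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $ekuOk = $false
        if ($eku) { $ekuOk = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $ServerAuthOid }

        # Condition d: subject name (normally the CN) equals the host name or FQDN.
        $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        $nameOk = ($cn -ieq $hostName) -or ($cn -ieq $fqdn)

        # Condition e: flag wildcard names, which some clients do not accept.
        $wildcard = $cn.StartsWith('*.')

        [pscustomobject]@{
            Store      = $store
            Thumbprint = $cert.Thumbprint
            CN         = $cn
            TimeValid  = $timeOk
            ServerAuth = $ekuOk
            NameMatch  = $nameOk
            Wildcard   = $wildcard
            MeetsAtoD  = $timeOk -and $ekuOk -and $nameOk
        }
    }
}
```

A certificate reported with Wildcard set to True fails the exact-name check by design; confirm against condition e that every client connecting to the database accepts wildcard certificates.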

Configuration of client to enable trust

Procedure 26 How to enable client to trust SSL connection

1. Export the certificates (chain) of SQL Server using MMC into files. Export the certificates in the following order: rootCA, intermediateCA, and server certificate.

2. Create a keystore on the client side using Java keytool, or use the JRE's keystore (cacerts).

3. Import the certificates into the keystore as trusted certificates in the following order:

a. Root certificate (root CA)

b. Intermediate certificate (intermediate CA)

c. Server certificate

How to test your client connection

Procedure 27 How to test your client connection

To test your client connection, you can either:

a. Use the Query Analyzer Tool

or

b. Use any JDBC/ODBC application where you can change the connection string.

HP SIM database property settings to enable SSL for SQL Server

To configure HP SIM to support SSL communication for SQL Server, complete the following:

Procedure 28 Configuring HP SIM property settings to enable SSL for SQL Server

1. Import the SQL Server certificates to ~/HP Systems Insight Manager/config/certstor/hp.keystore as trusted certificates in the following order:

a. Root certificate (root CA)

b. Intermediate certificate (intermediate CA)

c. Server certificate

2. Change the following parameters in the database.props file:

a. hp.Database.ssl=authenticate

b. hp.Database.username=username

c. hp.Database.password=password

3. Change the following parameters in the database.admin file:

Understanding HP SIM security
