    Unanswered: SSL on cluster - how do I do it

    Hello everyone -

    I need to install SSL on a SQL 2000 cluster system.

    I have secured a certificate for the cluster name of the system with a fully qualified domain name.

    I have placed the certificate on both nodes of the cluster in a location that both nodes have in common, but not in the cluster scheme.

    I do not want the certificate to be applied to the whole server, just on a client by client basis.

    thanks for the help!!

    I don't think your requirements can be met (though I've been wrong in the past). In the cluster world you can't rely on a node-based certificate to communicate with clients. Read this for details:

    "The data in a record depends on the Key to the record, the Whole Key, and
    nothing but the Key, so help me Codd."

    Hi everyone -

    Day 4 of the task... I am in constant contact with MS, but they are stumped.

    Scenario -
    Cluster SQL 2000 SP4 system behind firewall
    Domain name - prod.qq
    SQL Name - site2
    cluster name - sqlsite02

    Outside users access through web address

    Special port - not the 1433

    Would like client security only, not at the server level

    I have gone through about 10 different SSL certificates.

    The closest I have been able to come is that cluster nodes 1 and 2
    can connect to the site2 SQL server using SSL, but the clients on the
    outside world cannot.

    Does anyone have ANY ideas on why this is failing?


    Hi everyone -

    Here is the update to the story.

    After spending four (4) business days with the kind folks at Microsoft India in the core department they have no answer.

    But here is what I have done based on several web sites and blogs.

    Since the outside world sees the server as a different name than the inside world does, that is where the problem came up.

    I secured an SSL with an FQDN that the outside world will use.

    I took the SSL thumbprint and hard entered it into the
    HKLM\Software\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib
    in the certificate entry.

    The server came up happy as a clam and the clients that I have supplied the certificate to can connect to the server using the encrypted toggle.

    I created two applications, one in VB6 and the other in C#, both have connection strings that are used based on the toggle of encryption.
    They seem to connect to the database with encryption and without.

    I am not sure if the data is encrypted over the net or not (my experience with a sniffer is very limited) so I cannot be sure, but at least they connect.

    When my MS support rep comes back from training, I will pursue the testing of the SSL with him.

    take care
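
The last post leaves open whether the session is actually encrypted on the wire. One way to check from a packet capture is to read the ENCRYPTION option in the server's TDS PRELOGIN reply, shown here as an added example that is not part of the thread. It assumes the PRELOGIN layout documented in MS-TDS; the function names and the sample packet are constructed for illustration.

```python
import struct

# Option tokens and ENCRYPTION values as documented in MS-TDS (PRELOGIN).
TOKEN_ENCRYPTION, TOKEN_TERMINATOR = 0x01, 0xFF
ENCRYPTION_MODES = {
    0x00: "ENCRYPT_OFF: only the login packet is encrypted",
    0x01: "ENCRYPT_ON: the whole session is encrypted",
    0x02: "ENCRYPT_NOT_SUP: nothing is encrypted",
    0x03: "ENCRYPT_REQ: the whole session is encrypted",
}

def prelogin_encryption(packet: bytes) -> int:
    """Return the ENCRYPTION byte of one PRELOGIN packet (8-byte TDS header included)."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte TDS header")
    ptype, _status, length = struct.unpack(">BBH", packet[:4])
    if ptype not in (0x12, 0x04):  # 0x12 = client PRELOGIN, 0x04 = server reply
        raise ValueError(f"not a PRELOGIN packet: type 0x{ptype:02x}")
    if length != len(packet):
        raise ValueError("TDS length field does not match the captured bytes")
    payload, pos = packet[8:], 0
    # Option table: 5-byte entries (token, offset, size), closed by 0xFF.
    while pos < len(payload) and payload[pos] != TOKEN_TERMINATOR:
        if pos + 5 > len(payload):
            raise ValueError("truncated option table")
        token, offset, size = struct.unpack(">BHH", payload[pos:pos + 5])
        if token == TOKEN_ENCRYPTION:
            if size != 1 or offset >= len(payload):
                raise ValueError("malformed ENCRYPTION option")
            return payload[offset]  # offsets are relative to the payload start
        pos += 5
    raise ValueError("no ENCRYPTION option in the packet")

def session_encrypted(packet: bytes) -> bool:
    """True only when the reply says traffic after login is encrypted too."""
    return prelogin_encryption(packet) in (0x01, 0x03)

def build_sample(enc: int) -> bytes:
    """Constructed server reply: VERSION + ENCRYPTION options, not a real capture."""
    table = struct.pack(">BHH", 0x00, 11, 6) + struct.pack(">BHH", 0x01, 17, 1) + b"\xff"
    payload = table + b"\x08\x00\x07\xf7\x00\x00" + bytes([enc])
    return struct.pack(">BBHHBB", 0x04, 0x01, 8 + len(payload), 0, 1, 0) + payload

if __name__ == "__main__":
    for value in (0x00, 0x01, 0x02, 0x03):
        reply = build_sample(value)
        print(ENCRYPTION_MODES[prelogin_encryption(reply)], "->", session_encrypted(reply))
```

To use it on real traffic, export the raw bytes of the server's first reply packet from the capture and pass them to `session_encrypted`. A result of `False` with the client's encryption toggle on means the connection succeeded without session encryption.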

