產生需求憑證給MSSQL’s SSL:
;—————– request.inf —————–
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=FQDN" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = FALSE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;———————————————–
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "DNS=name1&"
_continue_ = "DNS=name2"
;—————– END Of request.inf —————–
c:\>certreq –new request.inf output_file_for_CAtoSign.req
Then you can sign this .req, and import it to server that generates it. And you can find out this certificate for MSSQL SSL Encryption.
沒有留言:
張貼留言