To allow the certificate to be used for multiple hostnames/IPs, these must be set in the certificate as Subject Alternative Names (SAN).
Take keytool as an example:
Command:
keytool -genkey -alias -keyalg RSA -storetype PKCS12 -keysize 2048 -validity -keystore -storepass -ext san=ip:,dns:[,ip:,dns:]
Example:
If you have two database servers, the host names are serverA and serverB, and AlwaysOn listener name is virualHost, take serverA as an example:
keytool -genkey -alias servera -keyalg RSA -storetype PKCS12 -keysize 2048 -sigalg SHA256withRSA -validity 365 -keystore serverA.pfx -storepass changeit -dname "CN=serverA, OU=Quest, O=Quest Software Inc., L=ZH, ST=GD, C=CN" -ext san=dns:virualHost,dns:serverA
Copy the store file serverA.pfx to database serverA, and double click to import its certficate.
Run command certlm.msc and grant permission for SQL Server account through "Manage Private Keys..."
Add the SQL Server running account.
The SQLServer running account comes from SQL Server Service.
Select signed certificate for SQL Server and Restart SQL Server.
Click the "View" button and "Copy to File" to export certificate for monitoring.
How to import certificate see KB 317939
After that, you can use the AlwaysOn listener name (virualHost) to monitor.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center