manage-certificates.md

title: Certificate Management (SQL Server Configuration Manager)
description: Learn how to install certificates in various SQL Server configurations. Examples include single instances, failover clusters, and Always On availability groups.
author: rwestMSFT
ms.author: randolphwest
ms.date: 11/19/2024
ms.service: sql
ms.subservice: configuration
ms.topic: how-to
helpviewer_keywords:
  • connections [SQL Server], encrypted
  • SSL [SQL Server]
  • Secure Sockets Layer (SSL)
  • encryption [SQL Server], connections
  • cryptography [SQL Server], connections
  • certificates [SQL Server], installing
  • requesting encrypted connections
  • installing certificates
  • security [SQL Server], encryption

Certificate management (SQL Server Configuration Manager)

[!INCLUDE sql-windows-only]

This article describes how to deploy and manage certificates across your [!INCLUDE ssnoversion-md] Always On failover cluster instance (FCI) or availability group (AG) topology.

Transport Layer Security (TLS) certificates are widely used to secure access to [!INCLUDE ssnoversion-md]. With earlier versions of [!INCLUDE ssnoversion-md], organizations with large [!INCLUDE ssnoversion-md] estates had to spend considerable effort to maintain their [!INCLUDE ssnoversion-md] certificate infrastructure, often through developing scripts and running manual commands.

::: moniker range=">=sql-server-ver15"

With [!INCLUDE sssql19-md] and later versions, certificate management is integrated into the [!INCLUDE ssnoversion-md] Configuration Manager, which simplifies the following common tasks:

  • View and validate certificates installed in a [!INCLUDE ssnoversion-md] instance.
  • Identify which certificates might be close to expiring.
  • Deploy certificates across AG machines from the node hosting the primary replica.
  • Deploy certificates across FCI machines from the active node.

::: moniker-end

You can use certificate management in [!INCLUDE ssnoversion-md] Configuration Manager with earlier versions of [!INCLUDE ssnoversion-md], starting with [!INCLUDE sql2008-md].

::: moniker range=">=sql-server-ver15"

Note

These instructions apply to [!INCLUDE ssnoversion-md] Configuration Manager for [!INCLUDE sssql19-md] and later versions. For [!INCLUDE sssql17-md] and earlier versions, see Certificate management (SQL Server 2017 Configuration Manager).

::: moniker-end

::: moniker range="<= sql-server-2017"

Note

These instructions apply to [!INCLUDE ssnoversion-md] Configuration Manager for [!INCLUDE sssql17-md] and earlier versions. For [!INCLUDE sssql19-md] and later versions, see Certificate management (SQL Server 2019 Configuration Manager).

Install a certificate

::: moniker-end

::: moniker range=">=sql-server-ver15"

Install a certificate for a single SQL Server instance

  1. In [!INCLUDE ssnoversion-md] Configuration Manager, in the console pane, expand SQL Server Network Configuration.

  2. Right-click Protocols for <instance Name>, and then select Properties.

  3. Choose the Certificate tab, and then select Import.

  4. Select Browse and then select the certificate file.

  5. Select Next to validate the certificate. If there are no errors, select Next to import the certificate to the local instance.

::: moniker-end

::: moniker range="<= sql-server-2017"

  1. In [!INCLUDE ssnoversion-md] Configuration Manager, in the console pane, expand SQL Server Network Configuration.

  2. Right-click Protocols for <instance Name>, and then select Properties.

  3. Select a certificate from the Certificate dropdown list, and then select Apply.

  4. Select OK.

Install on failover cluster instance and availability group

For a failover cluster instance (FCI) configuration, complete these steps in the active node of the FCI. You must have administrator permissions on all the cluster nodes.

For an availability group (AG) configuration, complete these steps from the node hosting the AG primary replica. You must have administrator permissions on all the cluster nodes.

::: moniker-end

::: moniker range=">=sql-server-ver15"

Install a certificate in a failover cluster instance configuration

  1. In [!INCLUDE ssnoversion-md] Configuration Manager, in the console pane, expand SQL Server Network Configuration.

  2. Right-click Protocols for <instance Name>, and then choose Properties.

  3. Choose the Certificate tab, and then select Import.

  4. Select the certificate type, and whether to import for the current node only, or for each individual cluster node.

  5. If installing for a single node, choose Browse and select the certificate file. Then skip to step 8.

  6. If installing a certificate for each node, select Next to list possible owner nodes. Possible owners for the current FCI are preselected.

  7. Choose Next to select the certificate to be imported.

  8. Enter the password when prompted. Look for any warnings or errors after validation.

  9. Select Next to import the selected certificates.

Note

Complete these steps in the active node of the FCI. You must have administrator permissions on all the cluster nodes.

Install a certificate in an availability group configuration

  1. In [!INCLUDE ssnoversion-md] Configuration Manager, in the console pane, expand SQL Server Network Configuration.

  2. Right-click Protocols for <instance Name>, and then select Properties.

  3. Choose the Certificate tab, and then select Import.

  4. Choose the certificate type and select Next to select from the list of known availability groups.

  5. Select Next to choose certificates for each replica node. Each certificate should have a file name that matches the NetBIOS name of its node.

  6. Select Next to import the certificate on each node.

Note

Complete these steps from the node hosting the AG primary replica. You must have administrator permissions on all the cluster nodes.
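
A pre-flight check for step 5 above, as an added example that is not part of the original article or of Microsoft's tooling: it confirms that each replica node has a certificate file named after its NetBIOS name and flags certificates that are expired or close to expiring. The `.pfx` extension, the single shared password, the 30-day threshold, the function name `Test-NodeCertificateFiles`, and the node names `SQLNODE1` and `SQLNODE2` are assumptions.

```powershell
# Added example: pre-flight check of per-node certificate files before running the AG import wizard.
# Assumptions (not from the article): files are PFX named <NetBIOS name>.pfx with one shared password.
function Test-NodeCertificateFiles {
    param(
        [Parameter(Mandatory)] [string[]]     $Nodes,     # NetBIOS names of the replica nodes
        [Parameter(Mandatory)] [string]       $Folder,    # folder holding the certificate files
        [Parameter(Mandatory)] [securestring] $Password,  # PFX password
        [int] $WarnDays = 30                              # "close to expiring" threshold (assumed)
    )
    foreach ($node in $Nodes) {
        $path = Join-Path $Folder "$node.pfx"
        $row  = [ordered]@{ Node = $node; File = $path; Status = 'OK'; NotAfter = $null; Subject = $null }
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $row.Status = 'Missing file'
        } else {
            try {
                # Get-PfxData reads the file without importing it into a certificate store.
                $cert = (Get-PfxData -FilePath $path -Password $Password -ErrorAction Stop).EndEntityCertificates[0]
                $row.NotAfter = $cert.NotAfter
                $row.Subject  = $cert.Subject
                $now = Get-Date
                if     ($cert.NotBefore -gt $now)                    { $row.Status = 'Not yet valid' }
                elseif ($cert.NotAfter  -lt $now)                    { $row.Status = 'Expired' }
                elseif ($cert.NotAfter  -lt $now.AddDays($WarnDays)) { $row.Status = "Expires within $WarnDays days" }
            } catch {
                $row.Status = "Unreadable: $($_.Exception.Message)"
            }
        }
        [pscustomobject]$row
    }
}

# Constructed demo: two hypothetical nodes, one short-lived self-signed test certificate.
$pw  = ConvertTo-SecureString 'constructed-demo-password' -AsPlainText -Force
$dir = (New-Item -ItemType Directory -Path (Join-Path $env:TEMP "agcerts-$(Get-Random)")).FullName
$c   = New-SelfSignedCertificate -DnsName 'SQLNODE1' -CertStoreLocation Cert:\CurrentUser\My -NotAfter (Get-Date).AddDays(10)
Export-PfxCertificate -Cert $c -FilePath (Join-Path $dir 'SQLNODE1.pfx') -Password $pw | Out-Null
Remove-Item -LiteralPath $c.PSPath   # remove the test certificate from the store again

Test-NodeCertificateFiles -Nodes 'SQLNODE1','SQLNODE2' -Folder $dir -Password $pw | Format-Table Node, Status, NotAfter
Remove-Item -LiteralPath $dir -Recurse -Force
```

In the demo, `SQLNODE1` is reported as expiring within the threshold and `SQLNODE2` as a missing file, which are the two conditions worth resolving before starting the wizard.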

::: moniker-end

Related content