Using Self Signed Certificate with SqlClient
Before creating a self-signed certificate remember:
In cryptography and computer security, self-signed certificates are public key certificates that are not issued by a certificate authority (CA). These self-signed certificates are easy to make and do not cost money. However, they do not provide any trust value. Read more
Remember that the subject of a self-signed certificate must be the very same name as the FQDN.
Run following command in PowerShell:
- Run the following
PowerShellcommand:
New-SelfSignedCertificate -Subject "CN=<FQDN>" -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "cert:\LocalMachine\My" -TextExtension @("2.5.29.17={text}DNS=localhost&IPAddress=127.0.0.1&IPAddress=::1") -HashAlgorithm “SHA256” -Type SSLServerAuthentication -Provider “Microsoft RSA SChannel Cryptographic Provider”- type in search area run. When the Run application is opened type in mmc.
- Click on Add/Remove Snap-in
- In the left column click on
Certificatesand then click onAdd >button. - Select
Computer accountand clickNext >and clickFinish. You should be seeing something similar to the below picture:
- Press
OK.
- Now in the left panel, under Personal select Certificate.
- On the right panel you should be able to see the newly created certificate. The name will be your FQDN.
- Right click on the certificate > All Tasks > Manage Private Key
- Add required permission for SQL server instance user (NT Service\MSSQLSERVER).
Now you should be able to import this certificate to SQL server using SQL Server Configuration Manager.