SQL Server 2008: create a certificate using a domain account

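Is it possible to create an endpoint in SQL Server 2008 Service Broker that supports certificate-based authentication and uses a domain account for authorization?

e.g.

Try this: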

-------------------------------------
-- connect to server
-------------------------------------
use master;
go
create master key encryption by password = '...';
create certificate [<servername>]
  with subject = '<servername>'
  , start_date = '20100216'
  , expiry_date = '20150216';

create endpoint broker 
state = started
as tcp (listener_port = 4022)
for service_broker (authentication = certificate [<servername>]);

-- Export the public key to disk
backup certificate [<servername>]
to file = '\\someshare\<servername>.cer';

--------------------------------
-- connect to client
--------------------------------
use master;
go
create master key encryption by password = '...';
create certificate [<clientname>]
  with subject = '<clientname>'
  , start_date = '20100216'
  , expiry_date = '20150216';

create endpoint broker 
state = started
as tcp (listener_port = 4022)
for service_broker (authentication = certificate [<clientname>]);

-- Export the public key to disk
backup certificate [<clientname>]
to file = '\\someshare\<clientname>.cer';

--create an identity for server and import the server's certificate:
create login [<servername>] with password = '...';
alter login [<servername>] disable;
create user [<servername>];

create certificate [<servername>]
  authorization [<servername>]
  from file = '\\someshare\<servername>.cer';

--authorize <servername> to connect on the broker endpoint 
grant connect on endpoint::broker to [<servername>];

---------------------------------------
-- connect to the server
---------------------------------------

--create an identity for client and import the client's certificate:
create login [<clientname>] with password = '...';
alter login [<clientname>] disable;
create user [<clientname>];

create certificate [<clientname>]
  authorization [<clientname>]
  from file = '\\someshare\<clientname>.cer';

--authorize <clientname> to connect on the broker endpoint 
grant connect on endpoint::broker to [<clientname>];

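The AUTHORIZATION clause on the endpoint only specifies the owner of the object. This has no effect on the actual Service Broker security (other than the side effect of automatically granting CONNECT permission to [domain\user] because it is the owner of the object).

Thanks for the reply. Is it possible to create a Service Broker setup where the publisher side has both Windows and certificate-based authentication, while the subscribers have only Windows-based authentication? The reason I want to set up Service Broker as described above is that we already have a certificate setup and want to integrate more clients with Windows-based authentication.

Yes, this is possible. Service Broker authentication supports mixed mode; just specify both modes for Service Broker: (AUTHENTICATION = WINDOWS CERTIFICATE [certname]). When set up this way, it will use Windows with other endpoints that support only Windows, and certificates with other endpoints that support only certificates. By the way, this also applies to mirroring endpoints.

Thanks Remus… this worked for me :-)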
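The mixed-mode setup from the comments, applied to the `broker` endpoint of the answer and followed by two checks of the result, as an added example that is not part of the original answer or comments. The account name `[DOMAIN\peer_sql_service]` is a hypothetical placeholder for the domain account the Windows-only peer instance runs under, and `ENCRYPTION = REQUIRED` is an added assumption, not something the page specifies.

```sql
-- Run on the publisher, which must accept both certificate and Windows peers.
use master;
go

-- Keep the existing certificate and additionally accept Windows authentication.
alter endpoint broker
  for service_broker (
    authentication = windows certificate [<servername>],
    encryption = required   -- assumption: refuse unencrypted peer connections
  );

-- A Windows-authenticated peer connects as the service account of the remote
-- instance. Placeholder name: replace with the real domain account.
create login [DOMAIN\peer_sql_service] from windows;
grant connect on endpoint::broker to [DOMAIN\peer_sql_service];

-- Check 1: which authentication modes and certificate the endpoint uses,
-- and when that certificate expires.
select e.name,
       e.state_desc,
       e.connection_auth_desc,
       e.encryption_algorithm_desc,
       c.name        as certificate_name,
       c.expiry_date as certificate_expiry
from sys.service_broker_endpoints as e
left join sys.certificates as c
       on c.certificate_id = e.certificate_id;

-- Check 2: every principal explicitly granted or denied a permission on the
-- endpoint (the endpoint owner has CONNECT implicitly and is not listed here).
select pr.name as grantee,
       pr.type_desc,
       pe.permission_name,
       pe.state_desc
from sys.server_permissions as pe
join sys.server_principals as pr
  on pr.principal_id = pe.grantee_principal_id
join sys.endpoints as ep
  on ep.endpoint_id = pe.major_id
where pe.class_desc = 'ENDPOINT'
  and ep.name = 'broker';
```

Certificate peers still need the login, user, imported certificate and grant shown in the answer; only the Windows peers use the domain-account grant.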