Sqlserver官方提供的Windows Powershell脚本
https://learn.microsoft.com/zh-cn/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver16
- # Define parameters
- $certificateParams = @{
- Type = "SSLServerAuthentication"
- Subject = "CN=$env:COMPUTERNAME"
- DnsName = @("$($env:COMPUTERNAME)", $([System.Net.Dns]::GetHostEntry('').HostName), 'localhost')
- KeyAlgorithm = "RSA"
- KeyLength = 2048
- HashAlgorithm = "SHA256"
- TextExtension = "2.5.29.37={text}1.3.6.1.5.5.7.3.1"
- NotAfter = (Get-Date).AddMonths(36)
- KeySpec = "KeyExchange"
- Provider = "Microsoft RSA SChannel Cryptographic Provider"
- CertStoreLocation = "cert:\LocalMachine\My"
- }
- # Call the cmdlet
- New-SelfSignedCertificate @certificateParams
在woncntestdb3数据库服务器上创建一个自签名的证书,再把这个自签名证书导出到C:\Certs\dainetdaicom.pfx,这个自签名证书的subject必须是woncntestdb3.dai.netdai.com,就算是*.dai.netdai.com或dai.netdai.com都无法把它从C:\Certs\dainetdaicom.pfx导入到woncntestdb3的sqlserver中
- $certParams = @{
- Type = "SSLServerAuthentication"
- Subject = "CN=$env:COMPUTERNAME.dai.netdai.com"
- DnsName = @("$($env:COMPUTERNAME)", $([System.Net.Dns]::GetHostEntry('').HostName), 'localhost')
- KeyAlgorithm = "RSA"
- KeyLength = 2048
- HashAlgorithm = "SHA256"
- TextExtension = "2.5.29.37={text}1.3.6.1.5.5.7.3.1"
- NotAfter = (Get-Date).AddMonths(36) # 有效期3年
- KeySpec = "KeyExchange"
- Provider = "Microsoft RSA SChannel Cryptographic Provider"
- FriendlyName = "Certificate test for woncntestdb3.dai.netdai.com"
- CertStoreLocation = "cert:\LocalMachine\My"
- }
- $cert = New-SelfSignedCertificate @certParams
- $password = ConvertTo-SecureString -String "123456" -Force -AsPlainText # 导入到sqlserver中提示输入密码的时候,就填这个密码
- $exportPath = "C:\Certs\dainetdaicom.pfx"
- Export-PfxCertificate -Cert $cert -FilePath $exportPath -Password $password
- openssl x509 -in /root/123/dainetdaicom.pfx -noout -dates
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
