How to configure SSL encryption in SQL Server - sql

I want to enable SSL encryption on SQL Server, but I am facing issues at step 8.
Which certificate do I have to request?
How can I get the certificate?
Ref link: https://www.mssqltips.com/sqlservertip/3299/how-to-configure-ssl-encryption-in-sql-server/
1. Open the Microsoft Management Console (MMC): click Start, then click Run and in the Run dialog box type: MMC
2. On the File menu, click Add/Remove Snap-in...
3. Select Certificates, click Add.
4. You are prompted to open the snap-in for your user account, the service account, or the computer account. Select the Computer Account.
5. Select Local computer, and then click Finish.
6. Click OK in the Add/Remove Snap-in dialog box.
7. Click to select the Personal folder in the left-hand pane.
8. Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate...
9. Click Next in the Certificate Request Wizard dialog box. Select certificate type 'Computer'.
10. You can enter a friendly name in text box if you want or leave it blank, then complete the wizard.
11. Now you should see the certificate in the folder with the fully qualified computer domain name.

Related

Thunderbird 78: How to add security exception?

In previous versions of Thunderbird, when connecting to a server with a self-signed certificate, a warning was displayed, but the option was offered to create a security exception for that server with this dialog:
I could click on "Confirm Security Exception" and thereafter, TB could communicate with the server.
But in this version of TB, I only see a message:
Sending of message failed.
The certificate is not trusted because it is self-signed.
The configuration related to [server name] must be corrected.
There is no indication of what "must be corrected" for TB to trust the certificate.
The Certificate Manager in the Privacy settings section does open the dialog above. But once the correct IP:port is entered, the "Get Certificate" button does nothing apart from displaying "No Information Available". This renders the dialog pretty useless.
I'm not concerned about man in the middle attacks due to the lack of CA signing because the mail server is on an intranet.
Is there any other way to get TB 78 to work with self-signed certificates?
I also suffered from this issue for hours. Finally, I figured out how to solve it.
At first, I tried to download the certificate from Firefox. When I tried to access https://bad-mail-admin.com:465, it told me:
This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.
Then I googled it and found the solution: https://support.mozilla.org/en-US/questions/1083282
Just go to about:config, right-click anywhere on the page and choose New > String. Create an option named network.security.ports.banned.override, with the value: 465
Then Firefox showed https://bad-mail-admin.com:465 successfully.
Immediately I realized that Firefox and TB use the same browser engine, so I repeated it in the "Config Editor" of TB.
Then go to the Certificate Manager of TB and enter https://bad-mail-admin.com:465. Press "Get Certificate" and finally I can get the certificate and add it to the security exception.
The only problem is when the user has multiple email accounts that use different ports. That port override doesn't take multiple ports. I tried comma, space, colon and semicolon separated lists with no success.
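Before a self-signed certificate is stored as an exception, its fingerprint can be compared with the one read on the mail server itself. The following is an added example, not part of the original posts; the host name is a placeholder, and it assumes the server speaks TLS directly on the port (as on 465) rather than STARTTLS.

```powershell
# Added example: fetch the certificate a mail server presents and print its
# SHA-256 fingerprint for comparison with the value shown in Thunderbird.
function Get-TlsServerCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 465
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate for inspection only: no data is sent over
        # this connection and no trust decision is stored anywhere.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $certificate, $chain, $policyErrors) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            # Copy the certificate so it outlives the stream
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally {
            $ssl.Dispose()
        }
    } finally {
        $client.Close()
    }
}

function Get-Sha256Fingerprint {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash($Certificate.RawData)
    } finally {
        $sha.Dispose()
    }
    # Colon-separated upper-case hex, the layout certificate viewers use
    return ($hash | ForEach-Object { $_.ToString('X2') }) -join ':'
}

# Placeholder host; replace with the intranet mail server's name.
$cert = Get-TlsServerCertificate -HostName 'mail.example.internal' -Port 465
[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    SelfSigned = ($cert.Subject -eq $cert.Issuer)
    NotAfter   = $cert.NotAfter
    Sha256     = Get-Sha256Fingerprint -Certificate $cert
}
```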

RDP Fails PCI-DSS Scan

I'm having an issue with RDP failing the PCI-DSS scan (port 3389) due to the default self-signed cert that Microsoft Server (2012 R2) generates when RDP is set up. I need to configure RDP to use a trusted cert. How would I do that? I can find nothing out there that explains how that is done.
R/
Prescott ..
Many thanks to the support personnel at Ait.Com for figuring this out for me. The steps below are specific to Windows Server 2012 r2, can't say that it'll work for any other version.
Right click on Windows icon on bottom left and select Run
Enter "gpedit.msc" & hit Enter or click OK
You will see the Group Policy Editor window, on left pane select:
Computer Configuration -> Administrative Template -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security
Under Security we will change the following settings:
Server authentication certificate template: Select Enabled, inside the input box enter TLS 1.2, click Apply and OK to close the window
Set client connection encryption level: Select Enabled and on Encryption level dropdown select High Level
Require use of specific security layer for remote (RDP) connections: Select Enabled and on Security layer dropdown select SSL
Require user authentication for remote connections by using Network Level Authentication: Select Enabled
Install the verified TLS 1.2 certificate you bought from a certificate authority:
Right click on Windows icon on bottom left and select Run
Enter MMC & hit Enter or Click OK, a Console1 window will appear
On File menu select Add/Remove snap-in...
Select Certificates on left pane & click the Add button at the center
Select Computer Account & click Next
Select Local Computer & click finish
On left pane select Certificates (Local Computer) -> Personal
Inside Personal folder, you may or may not find a Certificates subfolder, but it's OK in either case
If not already, we will import the TLS 1.2 certificate here inside the Personal folder: Right click -> All Tasks -> Import
By default, Local Machine is selected, click Next
Browse the file path and select the file here, click Next
Enter Password for the certificate & click Next
Select Place All certificates in the following Store, Click Browse to Select Personal folder, we can also select Remote Desktop folder here but only one is required...
Click Next and Click Finish
You should see your certificate inside Personal -> Certificates or Remote Desktop -> Certificate folder (whichever you selected)
Run these commands in PowerShell (replace #YourHash# with your Thumbprint from the notepad). Run the commands line by line, one after the other. PowerShell should show a message that all went successfully.
    # Select the settings object of the RDP listener
    $TSGeneralSetting = Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'"
    # Thumbprint of the imported certificate
    $Hash = "#YourHash#"
    $TSGeneralSetting.SSLCertificateSHA1Hash = $Hash
    # Write the change back to the listener
    $TSGeneralSetting.put()
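The binding step from the answer above with pre-checks and a read-back, as an added example that is not part of the original answer. It assumes an elevated Windows PowerShell session on the RDP host and a certificate imported into Local Computer -> Personal; `#YourHash#` is the answer's placeholder and the function names are hypothetical.

```powershell
# Added example: validate the certificate, then bind it to the RDP listener.
$Thumbprint = '#YourHash#'   # placeholder from the answer, replace before running

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Value)
    # Text copied from the certificate dialog can carry spaces or an invisible
    # leading character, so keep hex digits only.
    $clean = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { throw "Expected 40 hex digits, got $($clean.Length)." }
    return $clean
}

function Get-RdpCertificateProblems {
    param([Parameter(Mandatory)][string]$CleanThumbprint)
    # Assumption: the certificate sits in the machine's Personal store.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$CleanThumbprint" -ErrorAction Stop
    $problems = @()
    if (-not $cert.HasPrivateKey) { $problems += 'no private key on this machine' }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += 'outside its validity period'
    }
    # If an Enhanced Key Usage extension exists it must allow Server Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })) {
        $problems += 'EKU does not include Server Authentication'
    }
    # A scanner flags untrusted chains; Verify() builds the chain with this
    # host's own trust store.
    if (-not $cert.Verify()) { $problems += 'chain does not validate on this host' }
    return $problems
}

$clean = ConvertTo-CleanThumbprint -Value $Thumbprint
$problems = @(Get-RdpCertificateProblems -CleanThumbprint $clean)
if ($problems.Count -gt 0) { throw "Not binding ${clean}: $($problems -join '; ')" }

$ns = 'root\cimv2\terminalservices'
$filter = "TerminalName='RDP-Tcp'"
$listener = Get-WmiObject -Class Win32_TSGeneralSetting -Namespace $ns -Filter $filter
Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $clean } | Out-Null

# Read the setting back to confirm the listener points at the new certificate.
$bound = (Get-WmiObject -Class Win32_TSGeneralSetting -Namespace $ns -Filter $filter).SSLCertificateSHA1Hash
if ($bound -ne $clean) { throw "Listener still reports $bound" }
"RDP listener bound to $clean"
```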

TF400997: Configuring Scheduled backup with TFS 2013

I am getting TF400997 when I am trying to configure TFS Scheduled backup using TFS Admin console. Here is my setup:
SQL Server name: Machine1
SQL Server service running under: sqlserverservice#domain.com (which is a domain user and local admin on Machine1 and Machine2)
SQL Server agent service running under: sqlserverservice#domain.com
TFS server name: Machine2
TFS service running under: tfsservice#domain.com (local admin on Machine2 and Machine1)
Network backup path: \\Machine2\Backup (gave full permission to sqlserverservice#domain.com on Backup folder)
This is what I am getting while verifying the settings and it does not allow me to setup scheduled backup:
I Googled this already and it looks like my setup should work. Can anyone please help?
Please try this one:
configure your SQL Account to run under domain\tfsservice instead of tfsservice#domain.com
configure your TFSBackup
Backup is executed by TFS Job Service: check also TFS user's permissions.
The network share has to have computer (machine) based security rights. Here are the steps you have to do:
Open the properties of the shared folder on target machine.
Open the "Security" tab
Click on "Edit" button under the "Group or user names" frame. This will open the folder permissions window
Click "Add" on the "Permissions for ..." window. This will open the user/group selection window
Click "Object Types" button on the selection window. This will open the "Object Types" window
Select "Computers" on the "Object Types" window. Click on "Ok". This will close the "Object Types" window
Enter the target machine name into the object name frame. You can use the "Check Names" button to validate the name or use the "Advanced" button to select the computer from the domain objects list. Click on "Ok" and close the user/group selection window
Select the recently added computer object on the permissions window and give it the required permissions.
Close the remaining windows by clicking "Ok"
and voila!
The only tip I could mention is that you shouldn't use a subfolder from another share. It's possible but most probably you would end up dealing with mixed permissions.
PS: The SQL Service on TFS should be either in "Network Service" or "SYSTEM" context. Local account service logons won't gain access to the network share with these steps.
Go to Services and make this service, SQL Server (SQLEXPRESS), log on as administrator.

Processing multiple Notifications with PushSharp for ios and android

I have implemented a Windows service that runs every 3 minutes and polls a database for notifications that are ready to be sent. It collects them into a list, determines whether each is an iOS or an Android notification and then calls the PushBroker (the PushSharp solution is included as a compiled solution in my solution project). I then iterate the items in the list to process as follows:
    static void ProcessIOS(List<Client> IOS)
    {
        PushBroker push = new PushBroker();

        // Wire up the result events before anything is queued
        push.OnNotificationSent += NotificationSent;
        push.OnChannelException += ChannelException;
        push.OnServiceException += ServiceException;
        push.OnNotificationFailed += NotificationFailed;
        push.OnDeviceSubscriptionExpired += DeviceSubscriptionExpired;
        push.OnDeviceSubscriptionChanged += DeviceSubscriptionChanged;
        push.OnChannelCreated += ChannelCreated;
        push.OnChannelDestroyed += ChannelDestroyed;

        // Load the certificate and register the Apple service once, not once per notification
        var appleCert = File.ReadAllBytes(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "../../../productionfile.p12"));
        push.RegisterAppleService(new ApplePushChannelSettings(true, appleCert, "password")); //Extension method

        foreach (var entry in IOS)
        {
            string dev = entry.Device_Id.ToString();
            string load = entry.Push_Payload.ToString();
            int count = entry.Unread_Count;

            push.QueueNotification(new AppleNotification()
                .ForDeviceToken(dev)
                .WithAlert(load)
                .WithBadge(count));
        }
    }
The messages are sent successfully, however, the issue I am having is
1. trying to retrieve the responses when message was sent successfully, or failed, reason for failure etc... these are delegates within the pushsharp code so that I can log the responses to our database. For clarification... I need to know what entry attempt(deviceID) the error responses are from. I am unable to tell by the generated messages from the notificationsent delegates since the data is not linked to any particular deviceid delivery attempt.
2. I also want to be able to keep the pushsharp code as is without modifications and call methods from my code to reduce merging issues when any updates are made to pushsharp code in future.
Any Suggestions?
If anyone can give me any examples on how to use the response events and delegates to retrieve information for each notification send attempt, I would appreciate it.
thank you.
I did not get any replies, but with further research I was able to resolve my issue with the failed successes and was able to successfully send out notifications with no errors. The solution was to regenerate my certificates. Since I am using a Windows server for my push notification server, the following steps will guide you to generate an APNs certificate from a Windows Server.
If you have already generated your certificate from a Mac OS X workstation, you can skip this section and upload your certificate to the Push Notification Server.
Step 1—Generating a Certificate Signing Request (CSR)
1. Go to Start > Administrative Tools > Internet Information Services (IIS) Manager, and select the server name.
2. Double-click Server Certificates.
Note: The version of IIS server is 7.0 in this document.
From the Actions pane on the right, click Create Certificate Request. The Request Certificate wizard appears.
In the Distinguished Name Properties window, type the following:
• Common Name—the name associated with your Apple Developer account
• Organization—the legally registered name of your organization/company
• Organizational unit—the name of your department within the organization
• City/locality—the city in which your organization is located
• State/province—the state or province in which your organization is located
• Country/region—the country or region in which your organization is located
Click Next. Cryptographic Service Provider Properties window appears.
Select Microsoft RSA SChannel Cryptographic Provider in the Cryptographic service provider field and 2048 in the Bit length field, and then click Next.
Select a location where you want to save the certificate request file. Make sure to remember the filename and the location where you save the file.
Click Finish. You have now created a CSR request and are ready to upload it to your Apple development portal.
Step 2—Uploading CSR to your Apple development portal and generate the APNs certificate
Step 3—Downloading and Installing your APNs certificate
Click Download to save the .cer file to your computer.
Copy the .cer certificate file to the same Windows Server computer where you created the certificate request file.
Go to Start > Administrative Tools > Internet Information Services (IIS) Manager, select the server name, and then double-click Server Certificates
From the Actions pane on the right, click Complete Certificate Request. The Complete Certificate Request wizard appears.
Select the .cer certificate file that you downloaded from the Apple Developer Portal, and type the name of your application (e.g. com.xxxx.xxxxx) in the Friendly name field.
Tip: The friendly name is not a part of the certificate itself, but is used by the server administrator to easily distinguish the certificate.
6. Select OK. The certificate will be installed on the server.
7. Verify that your Apple Production Push Services certificate appears on the Server Certificates list.
A. If you can see the certificate, follow the next steps to export the certificate and upload it to the Push Notification Server.
8. Right-click on the certificate in the Server Certificates list, and then click Export.
Select the location where you want to save the file, choose a password for exporting, and then click OK. (Export as a .pfx)
Tip: If you only have the option to save as a .cer file rather than a .pfx, then you are not correctly exporting the certificate. Make sure you selected the correct file to export. If you still do not have the option to export as a .pfx go to step B. below.
Note: Make sure to remember the password, or keep it in a secure place. The password will be required when uploading the certificate to the Push Notification Server.
After completing all these steps, you should have the following items:
• APNs certificate (.pfx format, not .cer format)
• The password that you set when exporting the certificate
You are now ready to upload your certificate to Push Notification Server if you are not on that server already.
B. If you CAN’T see the certificate in the Server Certificate UI as shown above or DO NOT have the option to export as a .pfx from that UI, follow the next steps to export the certificate and upload it to the Push Notification Server.
8. Go to Microsoft Management Console
9. On the Start Menu, click Run, type MMC, and then click OK. Microsoft Management Console opens with an empty console (or administrative tool) as shown in Figure 1 below. The empty console has no management functionality until you add some snap-ins. The MMC menu commands on the menu bar at the top of the Microsoft Management Console window apply to the entire console.
Click File->Open and select Console1.msc and Open
Right click on the certificate you want to export select All Tasks-> Export
Click Next on the Certificate Export Wizard
Choose Yes, export the private key
Warning: DO NOT select Delete private key
Select, Personal Information Exchange - PKCS #12 (.PFX) if not already selected by default.
Browse to the location where the .cer is residing on your machine
Select the location where you want to save the file, choose a password for exporting, and then click OK. (Export as a .pfx)
Go to the exported .pfx file and rename extension to .p12.
Place file in root directory where Push Notification Engine is installed (e.g. C:\ or D:)

SQL Reporting Services 2005 not Showing Contents or Properties

I installed and configured SQL Server 2005 with Reporting Services, Workgroup Edition on Windows 7. I have updated to Service Pack 4. The problem is that when I navigate to http://localhost/reports/Pages/Folder.aspx, Reporting Services don't show/display Contents or Properties menus, all I see is the SQL Server Reporting Services header with the Home/Help button.
EDIT: I figured it out. You need to create role assignments that explicitly grant you access together with full permissions. To do this, follow these steps:
Start Internet Explorer together with the Run as administrator option. To do this, click Start, click All Programs, right-click Internet Explorer, and then click Run as administrator.
Open Report Manager. By default, the Report Manager URL is http://ServerName/reports.
If you use SQL Server Express with Advanced Services SP2, the Report Manager URL is http://ServerName/reports$sqlexpress. If you use a named instance of Reporting Services, the Report Manager URL is http://ServerName/reports$InstanceName
In the Home dialog box, click Properties.
Click New Role Assignment.
Type a Windows user account name by using the following format:
Domain\User
Click to select the Content Manager check box.
Click OK.
In the Home dialog box, click Site Settings.
Click Configure site-wide security.
Click New Role Assignment.
Type a Windows user account by using the following format:
Domain\User
Click System Administrator.
Click OK.
Close Report Manager.