Monday, 27 April 2009

Interesting: Infomercial Ratings

I can't say I've ever bought anything from an infomercial, and I doubt I ever will. However, I am often curious about what people who do the products have to say. Well now I don't have to wonder! I give you http://www.infomercialratings.com/
It's basically a site where people review all the crap wonderful stuff they buy from infomercials. Cool!

...and for the record I'll come clean. When I was a little kid I talked my mom into buying the Miracle Blade knives from an infomercial. In their defense I STILL have one of them and I still use it in the kitchen despite the fact that I once used it to make speaker stands out of pine planks and doweling rods. I'm not kidding either; I didn't have a saw and it worked like a charm. Who knew?

Thursday, 23 April 2009

Time keeps on slipping...

Where do the days go? I can't help but realize just how far behind I'm getting with regards to SQL and Windows Server :(
I've barely cracked the exciting SQL 2008 features and already I'm getting excited for Kilimanjaro. I haven't even started to learn the ins and outs of Windows 2008 and I'm looking at Windows 7 and drooling.
Then there's the world of BI that I want to get into... yikes!

I'm really looking forward to getting away from the office to attend TechEd this year. I REALLY need to get out of the constant interruptions so that I can focus on learning again. It's sort of like a very geeky "me time" trip ;)
I'm a bit bummed out that Kimbery and Paul won't be presenting this year as I've always really enjoyed their sessions and break-outs. That reminds me... I just stumbled upon the blog of Mr. Dan Jones tonight which is one I'll have to start following. I attended a few of his sessions two years ago and I believe he's also the one who led a Katmai focus group I attended; that was a blast and it's really cool to see our feedback materialized in the form of SQL 2008 SSMS!

Ok... enough work for tonight; Trish's texts indicate she's missing me so I had better call in a quick hello.

Cheers!

Sunday, 5 April 2009

Using SSL Certificates for SQL 2005 & 2008

I'm in the process of going back and editing some of my older posts so that I can link to this blog "without shame" and I noticed a posting about changing the MSX Encrypt Channel option to 0. I don't do that any more. I WANT my SQL servers to have SSL certs and I actively force SSL encryption on all traffic to and from my MSX servers.
So; how does one setup a SQL server to use an SSL cert in a domain when you're running the SQL service with a low-privliged (non-admin) domain user account (you ARE doing that, right?!)?

Simple.

  • First off, you're going to need to get a copy of winhttpcertcfg. Download that from MS and install it on the SQL host.
  • Then you'll need to request a cert from your domain CA and install it in the local computer store. I won't cover that process here, but it's not overly difficult.
  • Ensure you get a cert that can do SSL (webserver certs work 100%).
    When you request the cetificate ensure that the name is SQLHOSTNAME.FQDN For clusters use VIRTUALHOSTNAME.FQDN and ensure the private key is marked exportable. Store the certificate in the local computer store.
  • Once you have the certificate installed you need to grant access to the private key to the SQL service account: winhttpcertcfg.exe -c -g LOCAL_MACHINE\MY -s "SQLHOSTNAME.FQDN" -a "DOMAIN\SQLSERVICE_ACCOUNT"
  • Once you successfully grant access for the service account use the SQL Server Configuration Tool snap-in, and setup your protocols to use the cert. Then bounce the SQL service. You should see a note in the startup log that says something like "successfully loaded certificate for encryption" and NOT "loaded self-signed certificate for encryption".
The process is a little more involved for clusters (at least Veritas Storage Foundations clusters) and involves exporting the private key, importing it on the other nodes, and editing the registry with the certificate hash value as the SQL config tool mmc won't list the cert in its drop-down because it matches the VIRTUAL name and not the HOST name.

See this KB for all the MMC stuff I was talking about.
See this MSDN article for more info and an annotation from me.
UPDATE: Looks like I blogged about this previously as well!