mmc and service(sql server(MSSQLSERVER)) account

  • Question

  • Hi,

    I am not sure where to post this question. After seeing a couple of questions asked in this forum, I thought of doing the same.

    Currently we are storing certificates on Windows 2008 servers which also act as database server (SQL Server). Our admin logs into this server using an account (say devact) and installed certificates. So, if I log into the server as devact and go to mmc, I see the certificate under the CurrentUser\Personal folder. Everything is fine. We are a small company and maintained by a parent company. Parent company admins put our company admins on this server. My admin can log into this server but he won't be able to do anything to the certificates, if he wants to change or update anything. He needs to request the parent admin to remove him from the admin group and put him as devact. Then he can see certificates in mmc. It is becoming a hassle.

    We have an ETL SSIS package that uses vb script to access this certificate. Our admins set up the package to run under devact credentials. That way, the package can access the certificate and encrypt data that goes to the webservice.

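    using System.Configuration;
    using System.Security.Cryptography.X509Certificates;

    // Open the current user's Personal ("My") certificate store
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    X509Certificate2 cert = null;
    string signatureValue = null;

    // Get the certificate by subject name (validOnly = false)
    store.Open(OpenFlags.ReadOnly);
    cert = store.Certificates.Find(X509FindType.FindBySubjectName, ConfigurationSettings.AppSettings["CertName"], false)[0];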

    Now our admins are thinking about putting the certificate under the service account to see if devact can access it. For this, the admin logged into the Windows 2008 database server and did this:

    mmc -> File\Add Remove snap-in -> double-clicked on 'Certificates'. This opened another pop-up -> selected Service Account -> clicked on Next and in the next window -> selected Local Computer and clicked on the Next button -> selected SQL Server (MSSQL Server) and clicked on Finish.

    This created a snap-in under Console Root as: Certificates - Service (SQL Server(MSSQLSERVER)) on Local computer. Under this there is a subfolder called MSSQLSERVER\Personal and the rest of the folders. We imported the certificate into this MSSQLSERVER\Personal store.

    How can I access this store in the code in the SSIS package? I tried ROOT, CA, My etc. to get to this store, but was not able to. What is this service account for? I didn't find much help either.

    Thanks,

    Spunny

    Friday, September 26, 2014 2:03 PM
