I am looking for the right place to modify the CSR used by Certify so that it will have KeySpec=1. This is a requirement to use the cert in SQL Server 2012.
The ACMESharp client seems to support this:
var kpi = new CryptKeyProviderInformation(); kpi.ContainerName = containerName; kpi.ProviderType = 1; // PROV_RSA_FULL kpi.KeySpec = 1; // AT_KEYEXCHANGE
The certificate generated by Certify is not selectable in the SQL Server Configuration Manager.
The certificate should be valid (Valid From and Valid To properties), the Common Name (CN) in the Subject property of the certificate must be the same as the fully qualified domain name (FQDN) of the server, the Enhanced Key Usage property should include ‘Server Authentication (184.108.40.206.220.127.116.11.1)’ and the certificate must be created by using the KeySpec option of ‘AT_KEYEXCHANGE’.
Thanks for any insight.
This text will be hidden