MS SQL
- On the certificate holistic view, click Add Connector.
- Enter the General Information for the connector.
  Table 1. Field descriptions for the connector General Information
  Field: Description
  - *Category: From the dropdown list, select Server. If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto populated with the category selected at the time of certificate enrollment.
  - *Vendor: From the dropdown list, select MSSQL. If the certificate being pushed was enrolled with CSR generation at endpoint, this field is auto populated with the vendor selected at the time of certificate enrollment.
  - *Connector Name: Enter a name for this connector, to be able to identify it later. Tip: AppViewX recommends naming connectors according to use cases so they are easily distinguishable.
  - Description: Enter any additional details you want to record for this connector.
  Based on the information entered here, the SSL templates section is populated with the list of available MS SQL devices already onboarded in AppViewX.
- To select the device(s) to which the certificate will be pushed, under SSL templates, from the list of Available Devices, click .
  The Selected devices list is updated automatically.
- Enter the Certificate Details.
  Table 2. Field descriptions for the Certificate Details
  Field: Description
  - Certificate Type: From the dropdown list, select the file type of the certificate to be pushed. AppViewX supports only PEM (*.crt) type as the certificate is imported to certificate store irrespective of the certificate type.
  - Push Root and Intermediate Certificates: To push the root and intermediate certificates, along with the end certificates, select this checkbox.
  - Private Key in Device: If the private key associated with the certificate being pushed has been stored on the MS SQL machine, select this checkbox.
  - *Key Location: This field is displayed when the Private Key in Device option is selected. Enter the file path to the private key location on the MS SQL machine.
  - Service Restart: Enabling this option will restart the SQL Server service to apply the configuration changes.
    Note:
    - By default, this setting is enabled based on the global device configuration. To modify, go to: CERT+ > Device Management > Server > Device Settings > Vendors > Microsoft SQL.
    - This feature requires Windows Gateway version v2024.1.0.0 or later. In earlier versions, the service restarts automatically by default.
  - Force Encryption: Enabling this option enforces encryption for all SQL server connections.
    Note:
    - By default, this setting is enabled based on the global device configuration. To modify, go to: CERT+ > Device Management > Server > Device Settings > Vendors > Microsoft SQL.
    - This feature requires Windows Gateway version v2024.1.0.0 or later. In earlier versions, the service restarts automatically by default.
Note: Bind operation in AppViewX for MS SQL:
During the bind operation, AppViewX updates the registry with the following keys:
- Certificate Thumbprint Key: Stores the thumbprint of the pushed certificate.
- ForceEncryption Key: Set to 1 to enable encryption for the SQL instance.
After updating these keys, the SQL service is restarted to apply the changes.
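A post-push check of the bind result, as an added example that is not AppViewX code. It assumes the keys are written to SQL Server's standard SuperSocketNetLib registry location (values `Certificate` and `ForceEncryption`), which this page does not name, and a default instance name of `MSSQLSERVER`; run it on the MS SQL machine.

```powershell
# Added verification example (not AppViewX code).
# Assumption: standard SQL Server registry layout; change -InstanceName for named instances.
param([string]$InstanceName = 'MSSQLSERVER')

$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

# Map the instance name to its instance ID (the per-instance registry subkey).
$instanceId = (Get-ItemProperty -Path "$root\Instance Names\SQL" -ErrorAction Stop).$InstanceName
if (-not $instanceId) { throw "SQL Server instance '$InstanceName' not found in the registry." }

# Read the two values the bind operation is described as updating.
$netLib = Get-ItemProperty -Path "$root\$instanceId\MSSQLServer\SuperSocketNetLib" -ErrorAction Stop
$thumbprint = "$($netLib.Certificate)".Trim().ToUpperInvariant()
$findings = @()

if ($netLib.ForceEncryption -ne 1) {
    $findings += "ForceEncryption is '$($netLib.ForceEncryption)', expected 1."
}

if (-not $thumbprint) {
    $findings += 'No certificate thumbprint is bound to the instance.'
} else {
    # The bound thumbprint must resolve to a certificate in the machine store.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumbprint }
    if (-not $cert) {
        $findings += "Thumbprint $thumbprint is not in Cert:\LocalMachine\My."
    } else {
        if (-not $cert.HasPrivateKey) {
            $findings += 'Bound certificate has no associated private key.'
        }
        if ($cert.NotAfter -lt (Get-Date)) {
            $findings += "Bound certificate expired on $($cert.NotAfter.ToString('u'))."
        }
    }
}

# Registry changes apply only after the SQL service restarts, so a clean result
# here still needs the restart to have happened after the push.
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "OK: $InstanceName is bound to $thumbprint with ForceEncryption = 1."
```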
Note: When pushing certificates, the system now automatically selects the appropriate PKCS12 encryption algorithm based on the target Windows Server version:
- Windows Server 2016 and earlier: Uses TripleDES encryption for compatibility
- Windows Server 2019 and later: Uses the encryption algorithm from General Settings
- Enter the Push Details.
  Table 3. Field descriptions for the Push Details
  Field: Description
  - *Script Location: Script files are commonly used to perform certain tasks required to be completed before and/or after a certificate is pushed to the target system. The script to be run before the certificate is pushed is called a pre-push script and the script to be run after the push is called a post-push script.
    From the following options, select the location of the script file(s):
    - In AppViewX
    - In Device
  - Pre - Push Script File Name: Enter the file name of the pre-push script. Important: Read the pre and push script usage instructions here.
  - Pre - Push Script File Path: This field is displayed when Script Location = In Device. Enter the location on your local system where the pre-push script file is stored. Important: Read the pre and push script usage instructions here.
  - Post - Push Script File Name: Enter the file name of the post-push script. Important: Read the pre and push script usage instructions here.
  - Post - Push Script File Path: This field is displayed when Script Location = In Device. Enter the location on your local system where the post-push script file is stored. Important: Read the pre and push script usage instructions here.
  - Push Automatically: To automatically push the certificate to the target system after it is renewed/reissued, enable this checkbox. Note: The auto push feature for a certificate works only if enabled for the certificate application connector as well as the associated certificate group. To enable this feature at the certificate group level, refer to the instructions here.
- Click Save.
  The connector is displayed on the certificate holistic view.
What's Next
- To push a server certificate to a device, see Pushing a Server Certificate to a Device.
