-
Notifications
You must be signed in to change notification settings - Fork 7
Installation of Always Encrypted Certificate
Home / Installation / Always Encrypted Certificate
You can download the latest version from the official Microsoft site: (https://support.microsoft.com/en-ie/help/2977003/the-latest-supported-visual-c-downloads)
Access the links to install OpenSSL binaries for Windows from the following site: (https://wiki.openssl.org/index.php/Binaries)
Download a version for Windows from the following link: (https://slproweb.com/products/Win32OpenSSL.html)
Follow the onscreen instructions to install the Win64OpenSSL_Light-1_1_0j.exe
and select the option to copy the OpenSSL DLLs to The OpenSSL binaries (/bin) directory
(https://slproweb.com/download/Win64OpenSSL_Light-1_1_0j.exe)
req -config C:\OpenSSL-Win64\bin\openssl.cfg -days 36525 -x509 -sha256 -nodes -newkey rsa:2048 -keyout AlwaysEncrypted.key -out AlwaysEncrypted.pem
- Country Name
- State of Province Name
- Locality Name
- Organization Name
- Common Name (append
AlwaysEncrypted
for a quick and visual reference) - Email address
- The
AlwaysEncrypted.key
andAlwaysEncrypted.pem
are created in theOpenSSL-Win64\bin
directory.
pkcs12 -export -out AlwaysEncrypted.pfx -inkey AlwaysEncrypted.key -in AlwaysEncrypted.pem
N.B. Store this Password in a safe place. You will need this Password to import the Certificate later on.
- The
AlwaysEncrypted.pfx
file is created in yourOpenSSL-win64/bin
directory.
N.B. The Always Encrypted Certificate must be installed in both your Database Tier server and Server Tier servers.
- The
Certificate Import Wizard
will open. Select the option forLocal machine
.
- Select the previously generated
AlwaysEncrypted.pfx
file to import.
- Enter the
Password
previously chosen during the export process.
- Select the
Automatically select the certificate store based on type of certificate
option.
- Click
Finish
to complete the installation of the Certificate.
- Log on the Server Tier server (only)
- Go to the folder
%ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
ORC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
- Grant the
read
privilege to theIUSR
user andIIS_IUSRS
group
Update
Database Scripts
Configuration
API
- Home
- Data
- Security
- Subscription
- System
- Navigation
- Notification
- Settings
- Workflow
- Px Build
Developer
- Home
- Developer Tools
- Client Tier
- Server Tier
- Database Tier