I have a service broker application which is used to exchange messages between two endpoints.
I am currently using certificates for dialog and transport security.
The transport security certificate has been created in master database.
My understanding is that since service broker endpoint is a instance level object so I have to create the certificate in the master database.
But our production dba has suggested that we do not disturb the master database and create this certificate in some user database.
I don't see how that can be possible. Still I tried that, but endpoint creation script failed as it could not find the certificate.
Here I have two questions-
1. Is it possible to set up transport level security by creation of certificate in some user database and referring the sql server endpoint to this certificate.
2. I read somewhere in this forum that certificate authentication is preferable to Windows authentication for creation of endpoints. Is that correct? Is there any article which substantiates this?
Any help will be appreciated.
Warm regards.
Sudhir.
thanks Remus,
That was really helpful and quiet prompt.
Very glad that I posted my query here.
Thanks a bunch.
Have a nice day
Sudhir
|||1) No. Endpoint certificates must be deployed in master.
2) Certificates authentication does not depend on the availability of the Active Directory and can cross domains and forests.
HTH,
~ Remus
No comments:
Post a Comment