 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
SQL Server Forum / Other Technologies / Service Broker / February 2008Endpoint Authentication = Certificate error
I get this when I try to setup the following endpoint.I can create the endpoint when I do authentication = windows but that is not what I need here. There are two instances on different domains. Create Endpoint MemberUpdateTargetEndpoint STATE = STARTED AS TCP ( LISTENER_PORT = 4747 ) FOR SERVICE_BROKER ( Authentication = Certificate MemberUpdateCertPrivate ) Cannot find the object "MemberUpdateCertPrivate" because it does not exist or you do not have permissions. I am creating the certificate here, it is showing up when I do a select from sys.certificates. I am logging in as 'sa' do I need more rights or something? Create Certificate MemberUpdateCertPrivate With Subject = 'Certificate used for the Member Update Service', Start_Date = '01/01/2008' Thanks, John This worked fine on my end. Are you running this in master? I'm thinking you might have accidentally created the certificate in a different database, and CREATE ENDPOINT can't find it because it's looking in master.  SignatureAdam Machanic SQL Server MVP - http://sqlblog.com Author, "Expert SQL Server 2005 Development" http://www.apress.com/book/bookDisplay.html?bID=10220 >I get this when I try to setup the following endpoint.I can create the >endpoint when I do authentication = windows but that is not what I need [quoted text clipped - 24 lines] > Thanks, > John Both of the examples I've seen have me setup users & certificates inside the userdatabases that will be exchanging messages. But what you say here is correct, I cannot assign the cert to the SSB endpoint because EP is in master and Cert is in user database. Herein lies the problem: My Initiator & Target services are in user databases. How am I supposed to do a remote service binding from userdb to a user in master? Is there another set of certs that need to be created only in master for dialog auth...and the ones in userdb are for transport (encrypted) security? Please help, I'm at a standstill again. > This worked fine on my end. Are you running this in master? I'm thinking > you might have accidentally created the certificate in a different database, [quoted text clipped - 28 lines] > > Thanks, > > John Why not just back up the cert and restore it in master? SignatureAdam Machanic SQL Server MVP - http://sqlblog.com Author, "Expert SQL Server 2005 Development" http://www.apress.com/book/bookDisplay.html?bID=10220 > Both of the examples I've seen have me setup users & certificates inside > the [quoted text clipped - 49 lines] >> > Thanks, >> > John Problem is that my queues, services, and routes live in a user database....and my cert will be in master (so i can reference it on the endpoint). What parts can live in master, and what should be in user database. When my activation proc runs on the queue, i don't want it to reference the userdatabase...i would rather the queue & activation proc were inside that db. So can i put the service & the route in master, pointing to a queue in user db? Adding a db name prefix to objects in my SSB setup scripts does not work (ie...can't say mydb.mycert from ALTER ENDPOINT in master). Are some of these components allowed to cross db boundaries? Or is recommended design to have queue (and activation proc) in master? Thanks > Why not just back up the cert and restore it in master? > [quoted text clipped - 51 lines] > >> > Thanks, > >> > John > So can i put the service & the route in master, pointing to a queue in > user [quoted text clipped - 4 lines] > to > have queue (and activation proc) in master? Certificate-based principals can cross DB boundaries; as a matter of fact, it's the recommended way to manage cross-database permissions in 2005 (IMO). If you haven't already, read the following article which will hopefully clarify some of this for you: http://sommarskog.se/grantperm.html SignatureAdam Machanic SQL Server MVP - http://sqlblog.com Author, "Expert SQL Server 2005 Development" http://www.apress.com/book/bookDisplay.html?bID=10220 After some further thought...I see where you're going here. I simply restore the same cert into master...so I can reference it from the endpoint. But the remote service binding in my user db is still valid. It seems like a trick to me though, but if it works, I'm happy. But if the broker instance id or some other db specific value is part of what's hashed into that cert, then it won't really be the same cert in a different db. I'll try it out and let you know how it goes. Thanks. > Why not just back up the cert and restore it in master? > [quoted text clipped - 51 lines] > >> > Thanks, > >> > John |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.