SSL Certificate management on 3-node SQL 2019 Always On Cluster

2023-01-17T22:04:36.8833333+00:00

I'm a little confused about the new SSL certificate management features in a 2019 Always On cluster. The cluster configuration scenario would be 3 cluster nodes, each having multiple SQL instances, and each SQL instance having at least two availability groups. Can I provision a single SSL cert and install that same cert on all three nodes? I suspect not, since how would I configure the single cert with three different common names (for the three nodes)? Or is the solution to have three separate certs (one for each cluster node), and then import the certs on the active cluster node and distribute them to their appropriate cluster nodes? I guess the question is: is there such a thing as a multi-node SSL cert now in a 2019 cluster?


1 answer

  1. Seeya Xi-MSFT 16,411 Reputation points
    2023-01-18T02:11:53.2+00:00

    Hi Cooper, David A. [ISS] (Contractor),

    In SQL Server 2019 the whole process of enabling secure communication to the SQL Server Database Engine with the use of SSL/TLS certificates has been significantly enhanced but also simplified.

    You can go to SQL Server 2019 Configuration Manager to perform the below tasks:

    • Directly import an SSL/TLS certificate in SQL Server
    • View and validate certificates installed in a SQL Server instance
    • Identify which certificates may be close to expiring
    • Deploy certificates across Availability Group machines from the node holding the primary replica
    • Deploy certificates across machines participating in a Failover Cluster instance from the active node

    Regarding the scenario where you are importing an SSL/TLS certificate for a SQL Server Always On Availability Group-enabled instance, the process is again quite similar to the one for a standalone SQL Server machine, with the only difference being that after choosing the certificate type to import, you are presented with the list of known Availability Groups for the SQL Server instance, and you can choose certificates for each replica node.

    Please refer to these articles: Certificate Management in SQL Server 2019

    SQL Server 2019 – Improved Certificate Management

    Best regards,

    Seeya


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

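The two validation tasks listed in the answer (spotting certificates close to expiry and confirming each node holds a usable certificate) can also be checked from a script, which additionally shows whether one certificate's DNS names cover what clients connect to. This is an added example, not part of the original answer or Microsoft's tooling; the node names, listener names and 60-day threshold are hypothetical, and it assumes PowerShell remoting is enabled on the nodes and that clients connect using the node FQDNs and listener names.

```powershell
# Added example. All host and listener names below are hypothetical placeholders.
$Nodes     = 'sqlnode1.contoso.example', 'sqlnode2.contoso.example', 'sqlnode3.contoso.example'
$Listeners = 'ag1-listener.contoso.example', 'ag2-listener.contoso.example'
$WarnDays  = 60   # assumed threshold for flagging a certificate as close to expiry

# Runs on each node: inspects machine-store certificates usable for TLS server auth.
$check = {
    param([string[]]$RequiredNames, [int]$WarnDays)
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and
                       ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid) } |
        ForEach-Object {
            $cert  = $_
            # DnsNameList holds the subject CN plus any SAN DNS entries.
            $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode.ToLowerInvariant() })

            # A required name is covered by an exact entry or a leftmost-label wildcard.
            $missing = @($RequiredNames | Where-Object {
                $want = $_.ToLowerInvariant()
                $wild = '*.' + ($want -split '\.', 2)[1]
                -not (($names -contains $want) -or ($names -contains $wild))
            })

            $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
            [pscustomobject]@{
                Node         = $env:COMPUTERNAME
                Thumbprint   = $cert.Thumbprint
                NotAfter     = $cert.NotAfter
                DaysLeft     = $daysLeft
                ExpiringSoon = ($daysLeft -le $WarnDays)
                MissingNames = ($missing -join ', ')
            }
        }
}

# Each node must present a certificate covering its own FQDN and every listener name.
$report = foreach ($node in $Nodes) {
    $required = @($node) + $Listeners
    Invoke-Command -ComputerName $node -ScriptBlock $check -ArgumentList $required, $WarnDays
}

$report | Sort-Object DaysLeft |
    Format-Table Node, Thumbprint, NotAfter, DaysLeft, ExpiringSoon, MissingNames -AutoSize
```

An empty `MissingNames` column means that certificate covers the node and all listeners; the same thumbprint appearing on every node indicates one shared certificate rather than one per node.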