Establishing a secure connection between ADAudit Plus and Microsoft SQL

ADAudit Plus supports storing and retrieving Windows servers' audit log data from Microsoft SQL databases. Administrators can secure the connection between their Microsoft SQL database and ADAudit Plus with an SSL certificate by following these three steps.

1. Create or import an SSL certificate into Microsoft SQL Server.
2. Associate the certificate with Microsoft SQL Server.
3. Export the certificate and associate it with ADAudit Plus.

Note: If you've already associated a valid third-party SSL certificate with your Microsoft SQL Server, you can skip steps 1 and 2. It is recommended to have a third-party certificate.

Create or import an SSL certificate into Microsoft SQL Server

You can either create a self-signed certificate or import a third-party certificate using Internet Information Services (IIS) Manager.

Creating a self-signed certificate

1. Open IIS Manager.
2. Click the name of the server in the Connections column in the left pane. In the middle row of icons, double-click Server Certificates.



3. Click Create Self-Signed Certificate in the Actions column on the right pane.



4. Enter a name, and click OK to proceed.
5. Click OK.

You should now see the SSL certificate, which is valid for one year.

Importing a third-party certificate

1. Open IIS Manager.
2. Click the name of the server in the Connections column in the left pane. In the middle row of icons, double-click Server Certificates.



3. Click Import in the Actions pane.



4. Browse and select the certificate file. Make sure the certificate is in PFX format.
5. Enter the password that you used while generating the certificate file.
6. Click OK.



Note: You can also use the Microsoft Management Console (MMC) snap-in to create a self-signed certificate or import a third-party certificate.

Associate the certificate with Microsoft SQL Server

1. Open SQL Server Configuration Manager.
2. Expand SQL Server Network Configuration and right-click Protocols for the Microsoft SQL Server instance to which you want to associate the certificate. Then click Properties.



3. On the Flags tab, select Yes in the Force Encryption box.



4. On the Certificate tab, select the certificate you want to use from the drop-down.



5. Click OK.
6. Restart the SQL Server.

Export the certificate and associate it with ADAudit Plus

Export the certificate using IIS manager

1. Open IIS Manager.
2. Click the name of the server in the Connections column in the left pane. In the middle row of icons, double-click Server Certificates.
3. Open the certificate you want to use.
4. Click the Details tab.
5. Click Copy to file.
6. In the Certificate Export Wizard that opens, click Next.
7. In the Export Private Key screen, select No, do not export the private key, and click Next.



8. In the Export File Format screen, select either DER encoded binary X.509 (.CER) or Base-64 encoded X.509 (.CER), and click Next.



9. Enter a name for the file, and click Next.
10. Click Finish.

Note: You can also use Microsoft Management Console (MMC) snap-in to export the certificate.

Associate the certificate with ADAudit Plus

1. Copy the exported CER file to the <AdAudit Plus Installation directory>\bin folder.
2. Open Command Prompt in that folder and run the following command:

ImportCert.bat -add "<certificate-name>" "<path-to-certificate>"

For example: ImportCert.bat -add "Template SSL CA" "C:\Template SSL CA.cer"

3. Restart ADAudit Plus.