Home > Security, SSIS > Securing Integration Services (Digital Certificate) – Part 2

Securing Integration Services (Digital Certificate) – Part 2


This is part 2 of the Securing Integration Services series. In this article I will be showing you how to Sign a SSIS package(s) with a digital certificate.

Digital certificate can be used alone or with other setting to protect SSIS package from loading and running in unauthorized location.

Before sign your package with certificate, make sure you have the following.

1. Get certificate from a  commercial certification authority that issues digital certificates.

or

2. Create or obtain a private key to associate with the certificate, and store this private key on the local computer.

Else, we can create our own certificate for testing purposes only. The Certificate Creation Tool (Makecert.exe). We need to install Window SDK to get this tool. Download here.

Using certificate creation tool MakeCert.exe. More information here.

We can see the certificates in the current environment using Certmgr.exe

I have created my test certificates to sign SSIS packages using the following commands

Create Root Certificate

makecert -n “CN=SSIS Certificate” -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -len 1024 -sr localMachine

Create Client Certificate

makecert -pe -n “CN=SSIS Code Signing Certificate” -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

Sign the certificate with SSIS

1. Select Digital Signing from SSIS menu in BIDS.

2. Click Sign button to select certificate.

3. Choose certificate and click ok.

4. We can remove the selected by clicking remove button  and click ok to complete the process.

We can view the certificates using certmgr.exe from the Windows SDK

 

 

 

Check this option in BIDS

Thanks for Reading.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: