Securing Integration Services (Digital Certificate) – Part 2


This is part 2 of the Securing Integration Services series. In this article I will show how to sign SSIS packages with a digital certificate.

A digital certificate can be used alone or with other settings to protect an SSIS package from being loaded and run in an unauthorized location.

Before signing your package with a certificate, make sure you have the following.

1. Get a certificate from a commercial certification authority that issues digital certificates.

or

2. Create or obtain a private key to associate with the certificate, and store this private key on the local computer.

Otherwise, we can create our own certificate, for testing purposes only, with the Certificate Creation Tool (Makecert.exe). This tool is part of the Windows SDK, which must be downloaded and installed first.

We can see the certificates in the current environment using Certmgr.exe.

I have created my test certificates to sign SSIS packages using the following commands:

Create Root Certificate

makecert -n "CN=SSIS Certificate" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -len 1024 -sr localMachine

Create Client Certificate

makecert -pe -n "CN=SSIS Code Signing Certificate" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
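
Makecert.exe is deprecated, and the commands above use SHA-1 with a 1024-bit root key. The following is an added example, not part of the original post: it creates the same test root and code-signing certificate with the built-in New-SelfSignedCertificate cmdlet using SHA-256 and 2048-bit keys, then checks the result. The store locations, file name and validity periods are assumptions, and it must be run from an elevated PowerShell session.

```powershell
# Added example: test-only certificates equivalent to the makecert commands above.
# Run elevated; store locations, file name and validity periods are assumptions.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # code-signing EKU, as in the makecert commands

# 1. Self-signed root, marked as a CA and limited to signing certificates and CRLs.
$root = New-SelfSignedCertificate `
    -Subject 'CN=SSIS Certificate' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage CertSign, CRLSign `
    -TextExtension @('2.5.29.19={critical}{text}ca=1&pathlength=0') `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddYears(2)

# 2. Trust the root on this machine only (public part, no private key).
$rootFile = Join-Path $env:TEMP 'ssis-test-root.cer'
Export-Certificate -Cert $root -FilePath $rootFile | Out-Null
Import-Certificate -FilePath $rootFile -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 3. Code-signing certificate issued by that root, in the current user's personal store.
$leaf = New-SelfSignedCertificate `
    -Type CodeSigningCert `
    -Subject 'CN=SSIS Code Signing Certificate' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -Signer $root `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -NotAfter (Get-Date).AddYears(1)

# 4. Checks before selecting the certificate in BIDS.
$eku = $leaf.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # the test root publishes no CRL
[pscustomobject]@{
    Thumbprint         = $leaf.Thumbprint
    HasPrivateKey      = $leaf.HasPrivateKey
    CodeSigningEku     = $eku.EnhancedKeyUsages.Value -contains $codeSigningOid
    ChainTrusted       = $chain.Build($leaf)
    SignatureAlgorithm = $leaf.SignatureAlgorithm.FriendlyName
}
```

Remove the test root from Cert:\LocalMachine\Root when testing is finished, since anything signed under it is trusted on that machine.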

Sign the SSIS package with the certificate

1. Select Digital Signing from the SSIS menu in BIDS.

2. Click the Sign button to select a certificate.

3. Choose the certificate and click OK.

4. To remove the selected certificate, click the Remove button. Click OK to complete the process.

We can view the certificates using certmgr.exe from the Windows SDK.

 

 

 

Check this option in BIDS

Thanks for Reading.