locked
GoDaddy is requiring the common name of my SSL certificate to be changed because it is an internal name. Can I just change the name of my server without repercussions? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello out there.  I've received the following e-mail from GoDaddy at the bottom of my post (I've slightly changed the common name of the cert to a bogus name for security purposes).  GoDaddy will revoke the certificate by October 1st unless I update the common name to a FQDN.  I'm going to test this on a non production virtual machine, but I still wanted to put a few questions out to the folks out there on the interwebs.

    1.  My server's computer name is currently the same as the common name of my certificate.  I've read this must so, or the encryption will not work.  Can I simply change the name of the server itself (computer name in Server 2008 R2 ) to www.abc.com from ABCSQL.companyname.local without any repercussions?

    2.  I have several different websites accessing this SQL server from different domain names.  Can I choose any one of my domain names?  For example if I choose www.abc.com as the common cert name for SQL, will www.xyz.com still be able to access the DB?

    3.  Right now I am not forcing encryption.  Anyone out there have an opinion on this setting?

    4.  As of now, the certificate is not available in the drop down list of the SQL Server Configuration Manager under SQL Server Network Configuration.  I've read this is because the certificate must use a FQDN.  Has anyone else experienced this issue?

    I have two SQL servers at the moment.  Both are Windows 2008 R2.  One is running SQL Server 2008 and the other is running SQL Server 2012.  Thanks for reading and thank you for any input you can provide.

    ***Email from GoDaddy below***

    An SSL certificate's common name is the primary domain name it secures/encrypts. Because your common name is an internal name or IP address, your certificate is no longer valid. This applies to the certificate for the following domain name(s):

    ABCSQL.companyname.local 

    Please change your common name to an FQDN before September 28, 2016. If you don't make this update, we're required to revoke your certificate by October 1, 2016. 


    • Edited by docbrown_ Thursday, September 8, 2016 10:10 PM
    Thursday, September 8, 2016 10:09 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    If you change the name of a SQL Server machine, then also run sp_dropserver 'oldname' and sp_addserver 'newname', 'local'. If you have replication, linked servers, any type of HA solution etc, then you are obviously in for a more bumpy ride!

    Tibor Karaszi, SQL Server MVP (Web Blog)

    Friday, September 16, 2016 3:52 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    The best option is to contact the support of GoDaddy, they should know best what to do here.

    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    Saturday, September 10, 2016 7:53 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi docbrown_,

    As Olaf said, some questions you may need to contact the support of GoDaddy, we can only give you some suggestions.

    Firstly, the common name of certificate is valid only for the hostname specified with the certificate. We cannot only change the hostname of server and we can also use the certificate whose name is different from the hostname of server.

    Secondly, if you want to encrypt SQL Server using SSL, please note the following points:

    1.    The client machine must be set up to trust the certificate's root authority.
    2.    To install a certificate for use by SQL Server, you must be running SQL Server Configuration Manager under the same user account as the SQL Server service unless the service is running as LocalSystem, NetworkService, or LocalService, in which case you may use an administrative account.
    3.    The client must be able to verify the ownership of the certificate used by the server.

    Besides, the name of the certificate must be the fully qualified domain name (FQDN) of the computer.

    Best Regards,
    Teige
    • Proposed as answer by Teige Gao Monday, September 19, 2016 8:48 AM
    Monday, September 12, 2016 7:10 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks for taking the time to reply, but I'm not going to rely on GoDaddy support to answer questions regarding Microsoft SQL server.  My primary concern is that I'd rather not change the name of my server, but GoDaddy is now requiring the computer name to be a legitimate domain name like www.abc.com.  That part is black and white.  The server name is currently something like ABCSQL.companyname.local.

    Does anyone know if you can simply change the name of a SQL server without any problems?

    Tuesday, September 13, 2016 7:18 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thanks for the advice.  My primary concern is that the server name is currently something like ABCSQL.companyname.local and GoDaddy is now requiring the common name of the cert to be a legitimate domain name like www.abc.com.  So my main question is not really about certificates.  What I really need to know is - can I simply change the name of a server running MS SQL Server without any problems?
    Tuesday, September 13, 2016 7:21 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    If you change the name of a SQL Server machine, then also run sp_dropserver 'oldname' and sp_addserver 'newname', 'local'. If you have replication, linked servers, any type of HA solution etc, then you are obviously in for a more bumpy ride!

    Tibor Karaszi, SQL Server MVP (Web Blog)

    Friday, September 16, 2016 3:52 PM