How to: Allow Service Broker Network Access by Using Certificates (Transact-SQL)

To allow another instance to send messages using certificate-based Service Broker transport security, you create a user for the other instance and install the certificate for the other instance.

  1. Obtain the certificate for the other instance from a trusted source. Typically, this involves sending the certificate using encrypted email or transferring the certificate on physical media such as a floppy disk.

  2. Create a login.

  3. Create a user for the login in the master database.

  4. Install the certificate for the other instance in the master database. The user created in step 3 owns the certificate.

  5. Grant the login CONNECT access to the Service Broker endpoint.

  6. Dump the certificate that’s used for Service Broker transport security in the local instance.

  7. Provide the certificate to the administrator of the other database. The administrator of the remote database installs this certificate using the previous steps 1 - 4.

Note

Only install certificates from trusted sources.

Note

Only dump the certificate used for transport security. Don’t dump or distribute the private key associated with the certificate.
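
Steps 2 through 6 in Transact-SQL, with two catalog checks, as an added example that is not part of the original page. The login, user, certificate and endpoint names, the file paths and the password are placeholders, and TransportSecurity is assumed to be the name of the certificate the local endpoint uses.

```sql
-- Added example: all object names, paths and the password are placeholders.
USE master;
GO
-- Step 2: create a login that represents the remote instance.
CREATE LOGIN RemoteInstanceLogin
    WITH PASSWORD = '<placeholder: strong unique password>';
GO
-- Step 3: create a user for the login in the master database.
CREATE USER RemoteInstanceUser FOR LOGIN RemoteInstanceLogin;
GO
-- Step 4: install the remote instance's certificate (public part only),
-- owned by the user from step 3.
CREATE CERTIFICATE RemoteInstanceCertificate
    AUTHORIZATION RemoteInstanceUser
    FROM FILE = 'C:\Certificates\RemoteInstance.cer';
GO
-- Check: compare the thumbprint with the value the remote administrator
-- supplied through the trusted channel, and confirm that no private key
-- was imported (expected: NO_PRIVATE_KEY).
SELECT name, subject, thumbprint, expiry_date, pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name = 'RemoteInstanceCertificate';
GO
-- Step 5: grant the login CONNECT access to the Service Broker endpoint.
GRANT CONNECT ON ENDPOINT::ThisInstanceEndpoint TO RemoteInstanceLogin;
GO
-- Check: list every principal that holds CONNECT on a Service Broker
-- endpoint, with the endpoint's authentication mode.
SELECT e.name AS endpoint_name, e.connection_auth_desc,
       p.name AS grantee, sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.service_broker_endpoints AS e
    ON sp.class_desc = 'ENDPOINT' AND sp.major_id = e.endpoint_id
JOIN sys.server_principals AS p
    ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = 'CONNECT';
GO
-- Step 6: dump the local transport-security certificate. Without a
-- WITH PRIVATE KEY clause, BACKUP CERTIFICATE writes only the certificate,
-- so the private key never leaves this instance.
BACKUP CERTIFICATE TransportSecurity
    TO FILE = 'C:\Certificates\ThisInstance.cer';
GO
```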