This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

The Flexera Community is currently in maintenance mode to prepare for the upcoming launch of the new community. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Flexera Signed Security Certificates for SQL Server: expiration ?

Jump to solution
anzevuij
By
Level 3

Hello,

We're running a on-prem FNMS 2023 R2. The certificate FlexeraCodeSigning used to sign the assembly SqlProceduresClr.dll used in SQL Server will expire on September 4th. Is the solution will still be working after this date with the standard db settings ( TRUSTWORTHY = off, clr enabled = 1 and clr strict security = 1)? I know that a new certificate has been released, but it won't match our current dll's one.

Thanks for your help.

Jérémie

‎Aug 29, 2024 03:33 AM

0 Kudos
(1) Solution

Jump to solution
ChrisG
By Community Manager Community Manager
Community Manager

This certificate needed to be current (not expired) at the point in time when it was used to sign DLLs, which it was. The certificate does not need to be renewed to continue to use DLLs (including the SqlProceduresClr.dll file) that were signed using the certificate in the past.

DLLs in future releases of FlexNet Manager Suite will need to be signed by a new certificate, as the older certificates in use will all (shortly) have expired.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

‎Aug 29, 2024 04:33 AM

(3) Replies

Jump to solution
ChrisG
By Community Manager Community Manager
Community Manager

This certificate needed to be current (not expired) at the point in time when it was used to sign DLLs, which it was. The certificate does not need to be renewed to continue to use DLLs (including the SqlProceduresClr.dll file) that were signed using the certificate in the past.

DLLs in future releases of FlexNet Manager Suite will need to be signed by a new certificate, as the older certificates in use will all (shortly) have expired.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

‎Aug 29, 2024 04:33 AM

Jump to solution
anzevuij
By
Level 3

Thanks Chris,

I was concerned because when we migrated from 2020 R1 to 2023 R2, DB migration failed during assembly import because of certificate mismatch between the one installed in the master db and the one used to sign the different assembly versions. We had to disable "clr strict security" to get it work...
But now, since the assembly is already installed, based on what you said, we don't need to import the latest certificate.
Have a nice day.

Jérémie

‎Aug 29, 2024 05:06 AM

0 Kudos

Jump to solution
mfranz
By Level 17 Champion
Level 17 Champion
In response to anzevuij

Disabling "clr strict security" is not a solution. At least it will not be one in managed SQL Server environments.

Depending on how many versions of FNMS you're migrating over, you may have to switch the certificate on your SQL Server between major versions. I usually start the migration with the existing certificate until it hits the "certificate ceiling", then switch to the new certificate and continue.

‎Aug 30, 2024 01:59 AM