Lokasi ngalangkungan proxy:   [ UP ]  
[Ngawartoskeun bug]   [Panyetelan cookie]                
Skip to content

Commit 833b5b1

Browse files
JamesFerebeeJamesFerebee
authored
Add Subject Alternate Name clarification for AGs (#29281)
1 parent 68d0ed8 commit 833b5b1

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

docs/database-engine/configure-windows/certificate-requirements.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ For using TLS for [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)]
3232

3333
- When connecting to an availability group listener, the certificates that are provisioned for each participating server node in the failover cluster should also have a list of all availability group listeners set in the **Subject Alternate Name** of the certificate. For more information, see [Listeners and TLS/SSL certificates](../availability-groups/windows/listeners-client-connectivity-application-failover.md#SSLcertificates). For more information on SQL Always On, see [Connect to an Always On availability group listener](../availability-groups/windows/listeners-client-connectivity-application-failover.md).
3434

35-
- The **Subject Alternate Name** should include all the names your clients may use to connect to a [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] instance.
35+
- The **Subject Alternate Name** should include all the names your clients may use to connect to a [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] instance. If using Availability Groups, the Subject Alternate Name should include the NetBIOS and Fully Qualified Domain Name (FQDN) of the localhost and created listeners.
3636

3737
The client must be able to verify the ownership of the certificate used by the server. If the client has the public key certificate of the certification authority that signed the server certificate, no further configuration is necessary. Microsoft Windows includes the public key certificates of many certification authorities. If the server certificate was signed by a public or private certification authority for which the client doesn't have the public key certificate, you must install the public key certificate of the certification authority that signed the server certificate on each client that is going to connect to [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)].
3838

0 commit comments

Comments
 (0)