LogRhythm and SQL Server support any certificates that the Windows operating system can support, including certificates using SHA1 through SHA512 for the signature algorithm.
Verify Certificates with Windows Certificate Manager
- On the server where the certificates are installed, run mmc.exe.
- On the File menu, click Add/Remove Snap-in.
- Click the Certificates snap-in, and then click Add.
- Select the Computer account option, and then click Next.
- Select the Local computer option, and then click Finish.
- In the Add or Remove Snap-ins dialog box, click OK.
- Find your certificate.
- Certificate Location: LocalMachine or CurrentUser
- Certificate Store: MY (Personal) or ROOT
Server authentication: -sky exchange -eku 220.127.116.11.18.104.22.168.1
- Right-click the certificate, and then click Properties.
- Click the Certification Path tab.
You should see a tree structure with your certificate as the leaf and its signing certificate as the root. Additionally, the Certificate status field at the bottom of the dialog should state This certificate is OK.
- (Optional) If you did not create your own certificates, if you are not sure where your certificate came from, or to verify that your certificate has the right attributes, complete the following steps:
- Review the information on the General tab to ensure it says that the certificate can be verified up to a trusted certification authority.
- Make sure your certificate’s signing certificate — the Root certificate authority (CA) that was used to generate your client or server certificate — is in the LocalComputer’s Trusted Root Certification Authorities store.
- If it is a server certificate, make sure it has Server Authentication as an enhanced key usage value: 22.214.171.124.126.96.36.199.1.
Verify Data Indexer Certificates
- Open the Configuration Manager.
- On the left, click Data Indexers.
- To enable the Advanced View, on the bottom of the page, click Show.