I have worked in many government facilities throughout my career and most recently I was in charge of securing a couple SQL Server database servers. One of the items on the “checklist” to secure was installing a server-level DoD SSL certificate. By installing this certificate, it would allow me to enable “Force Encryption” in SQL Server Configuration Manager.
Work environments differ. Some require you to do everything. Some require you to do a certain point before passing it to a point of contact within the organization. If you are in charge of installing a DoD SSL Certificate and have a CAC card, then hopefully this blog will help you save time and headache! (feel free to contact me if you have any issues)
You will first have to submit your hash at the following link to get a “request ID”, which you will need to fill out the form.
**UPDATE: New DoD PKI SHA-256 CAs have been released. Enrollment pages for these CAs are available at: https://ee-id-sw-ca-37.csd.disa.mil
1. You click on the link above, and then choose “New 2048-bit SSL Enrollment form” option (see screenshot below)
2. Then, choose PKCS#10 for Certificate Request Type.
3. Cut and paste your has in the “Certificate Request” textbox.
4. Type out the FQDN of your server in the “General Name Value” textbox.
5. Enter in your Name, Email, Phone in the “Requestor Information”
6. Click Submit.
The following screen will display a “Request ID.” Copy that Request ID and paste it in the Certificate Request form. For more details on how to install the certificate, check out my blog post here: