Certificates (SQL Server)

A public key certificate, usually just called a certificate, is a digitally-signed statement that binds the value of a public key to the identity of the person, device, or service that holds the corresponding private key. Certificates are issued and signed by a certification authority (CA). The entity that receives a certificate from a CA is the subject of that certificate. PowerDesigner models certificates as extended objects with a stereotype of <<Certificate>>.

Creating a Certificate

You can create a certificate in any of the following ways:

  • Select Model > Certificates to access the List of Certificates, and click the Add a Row tool.

  • Right-click the model (or a package) in the Browser, and select New > Certificate.

Certificate Properties

You can modify an object's properties from its property sheet. To open a certificate property sheet, double-click its diagram symbol or its Browser entry in the Certificates folder.

The following extended attributes are available on the Microsoft tab:

Name

Description

Authorization

[v2005] Specifies the name of a user as the owner of the certificate.

Scripting name: Authorization

Assembly

[v2005] Specifies a signed assembly that has already been loaded into the database.

Scripting name: Assembly

Assembly File

[v2005] Specifies the complete path, including file name, to a DER encoded file that contains the certificate. The path name can be a local path or a UNC path to a network location. The file will be accessed in the security context of the SQL Server service account. This account must have the required file system permissions.

Scripting name: AssemblyFile

Executable

[v2005] If the EXECUTABLE option is used, the file is a DLL that has been signed by the certificate.

Scripting name: Executable

File

Specifies the complete path, including file name, to the private key. The private key path name can be a local path or a UNC path to a network location. The file will be accessed in the security context of the SQL Server service account. This account must have the necessary file system permissions.

Scripting name: PrivateKeyFile

Encryption password (private key)

Specifies the password that will be used to encrypt the private key.

Scripting name: PrivateKeyEncryptionPassword

Decryption password

Specifies the password required to decrypt a private key that is retrieved from a file.

Scripting name: PrivateKeyDecryptionPassword

Subject

Specifies the value of the subject field in the metadata of the certificate as defined in the X.509 standard.

Scripting name: Subject

Encryption password

[v2005] Use this option only if you want to encrypt the certificate with a password.

Scripting name: EncryptionPassword

Start date

Specifies the date on which the certificate becomes valid. If not specified, StartDate will be set equal to the current date.

Scripting name: StartDate

Expiry date

Specifies the date on which the certificate expires. If not specified, ExpiryDate will be set to a date one year after StartDate.

Scripting name: ExpiryDate

Active for begin dialog

Specifies that the certificate is available to the initiator of a Service Broker dialog conversation.

Scripting name: ActiveForBeginDialog
Parent topic: Encryption (SQL Server)