
Monday, August 11, 2008

Anonymous transport security

In "Pro SQL Server 2005 Service Broker", Klaus Aschenbrenner describes how to set up anonymous transport security. It is a good fit for an online shop built on Service Broker, because the main advantage of this kind of security is that you don't need to exchange certificates between the initiator and the target.

To set up anonymous transport security, do the following:

On the initiator's side

-- create the master key in the master database (it protects the certificate's private key)
use master
create master key encryption by password = 'pass1'

-- create the certificate the endpoint will present
-- note: the date literal is parsed according to the session's DATEFORMAT (dmy vs. mdy);
-- a start_date in the future makes the certificate unusable until that date
create certificate initCertificate
with subject = 'For endpoint',
start_date = '11/08/2008'

-- create the Service Broker endpoint, authenticated with the certificate above
create endpoint initEndpoint
state = started
as tcp (listener_port = 4070)
for service_broker (authentication = certificate initCertificate)

-- grant connect on this endpoint to all logins, so no remote certificate has to be mapped
grant connect on endpoint::initEndpoint to [public]


On the target's side

-- create the master key in the master database (it protects the certificate's private key)
use master
create master key encryption by password = 'pass1'

-- create the certificate the endpoint will present
-- note: the date literal is parsed according to the session's DATEFORMAT (dmy vs. mdy);
-- a start_date in the future makes the certificate unusable until that date
create certificate targetCertificate
with subject = 'For endpoint',
start_date = '11/08/2008'

-- create the Service Broker endpoint, authenticated with the target's own certificate
create endpoint targetEndpoint
state = started
as tcp (listener_port = 4070)
for service_broker (authentication = certificate targetCertificate)

-- grant connect on this endpoint to all logins, so no remote certificate has to be mapped
grant connect on endpoint::targetEndpoint to [public]
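After both sides are configured, the following verification script (an added example, not from the post or the book) can be run in master on either instance; it assumes the endpoint and certificate names and the port used above.

```sql
-- Added verification script (not from the original post). Run in master on
-- either instance after the steps above; names match the post, change them
-- if you used different ones.
use master;

-- 1. Endpoint state, port, authentication mode and the certificate it uses.
--    Expect state_desc = 'STARTED', connection_auth_desc = 'CERTIFICATE' and
--    encryption_algorithm_desc <> 'NONE' (encryption is REQUIRED by default
--    unless the endpoint was created with ENCRYPTION = DISABLED).
select sbe.name, sbe.state_desc, t.port,
       sbe.connection_auth_desc, sbe.encryption_algorithm_desc,
       c.name as certificate_name
from sys.service_broker_endpoints sbe
join sys.tcp_endpoints t on t.endpoint_id = sbe.endpoint_id
left join sys.certificates c on c.certificate_id = sbe.certificate_id;

-- 2. Certificate validity window. '11/08/2008' is parsed according to the
--    session's DATEFORMAT (dmy vs. mdy), so check the stored start_date:
--    a value in the future means the endpoint certificate is not yet usable.
select name, start_date, expiry_date,
       case when start_date > getdate()  then 'NOT YET VALID'
            when expiry_date < getdate() then 'EXPIRED'
            else 'OK' end as validity
from sys.certificates
where name in ('initCertificate', 'targetCertificate');

-- 3. Who may connect. Anonymous transport security relies on CONNECT being
--    granted to public; this lists every grant on Service Broker endpoints,
--    so unexpected grantees or a missing public grant show up here.
select e.name as endpoint_name, pr.name as grantee,
       p.permission_name, p.state_desc
from sys.server_permissions p
join sys.endpoints e
  on e.endpoint_id = p.major_id and p.class_desc = 'ENDPOINT'
join sys.server_principals pr
  on pr.principal_id = p.grantee_principal_id
where e.type_desc = 'SERVICE_BROKER';
```

The public CONNECT grant is what makes the setup anonymous: any initiator that can reach port 4070 is accepted at the transport level, so deciding which initiators may actually start a conversation is left to dialog security or to the activated procedures behind the service.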

At the moment the "Transport Security Configuration Wizard" does not allow configuring anonymous transport security, but we will fix that in the next product version.
