Enable "force encryption" on SQL server

  • My production DB server is running without SSL since day one (force encryption is off at configuration manager)

    Someone is asking to use SSL connection from application server to DB server.

    If i issue a certificate and enable force encryption, should all existing clients be changed to encrypted connections too?

    in this case, we have to test functionality of all existing applications before we enabled force encryption.

     

    Much appreciate to your reply!

  • Presuming that the certificate is from a trusted certificate authority, once you enable force encryption, every client connecting will be encrypted.

    Keep in mind, the force encryption setting does exactly that, applications will NOT be able to connect to that instance without using encryption.  As for changing them, you may not need to do anything, it'll depend on the application.

    But you are correct, you will want to test this, ideally in a QA / test type environment first, as some applications might need changes to their connection strings.  We're required to use force encryption and when we first enabled it, the applications using ColdFusion needed a change to their connection strings before they'd connect.

    In general, .NET type applications will happily switch to encrypted (ex, SSMS you won't need to do anything.)

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply