Client enforced Encryption.

  • Dear All,

    We want to make a client enforced encrypted connection to a third party SQL Server where a Certificate has been added to the server. We have been provided with the public key that has been imported on to the client at our end.

    On querying sys.dm_exec_connections I find encrypt_option to be True. However, how do I confirm that the encrypted connection is using the certificate that has been provided to us and not a server self-signed certificate?

    Also, is there a DMV query where I can check that the certificate has been assigned to the SQL Server, i.e. the Certificate tab in Protocols?

    Any help with the above will be appreciated.
    Thanks

  • In reply to kkanaya - Wednesday, June 6, 2018 9:39 AM:

    You can control those settings through the client. Connection string properties encrypt = true/false, TrustServerCertificate = true/false. If you are using SSMS, when the connection window pops up, select options and the encryption settings are on the connection properties tab that is displayed. There is some information in this documentation in regards to the connection strings:
    Connecting with SSL Encryption
    The certificate itself would have been imported in the client machine. With the Certificates snap-in, you should be able to check the certificate's intended purposes setting.

    Sue
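
The two connection-string properties named in the reply above can be used to check from the client whether the server's certificate is actually being validated. This is an added example, not part of the original thread; the server name, the use of Windows authentication and the function name `Test-SqlTls` are assumptions.

```powershell
# Added example. Test-SqlTls is a hypothetical helper; $Server is a placeholder and must be
# the name the server certificate was issued to. Windows authentication is assumed.
param([string]$Server = 'sqlhost.example.com')

function Test-SqlTls {
    param([string]$Server, [bool]$TrustServerCertificate)

    # Encrypt=True forces TLS from the client side. TrustServerCertificate=False makes
    # SqlClient validate the certificate chain and server name against the client's stores.
    $cs = "Server=$Server;Database=master;Integrated Security=SSPI;" +
          "Encrypt=True;TrustServerCertificate=$TrustServerCertificate;Connect Timeout=15"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        # Reading this DMV requires VIEW SERVER STATE on the server.
        $cmd.CommandText = 'SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID'
        [pscustomobject]@{ Connected = $true; EncryptOption = [string]$cmd.ExecuteScalar(); Error = $null }
    }
    catch {
        [pscustomobject]@{ Connected = $false; EncryptOption = $null
                           Error = $_.Exception.GetBaseException().Message }
    }
    finally {
        $conn.Dispose()
    }
}

# Pass 1: strict. This succeeds only if the certificate the server presents chains to a
# root this client trusts and matches $Server.
$strict = Test-SqlTls -Server $Server -TrustServerCertificate $false
if ($strict.Connected) {
    "Validated: certificate accepted by this client; encrypt_option = $($strict.EncryptOption)"
}
else {
    # Pass 2: diagnostic only. Separates "certificate not trusted" from "server unreachable".
    $relaxed = Test-SqlTls -Server $Server -TrustServerCertificate $true
    if ($relaxed.Connected) {
        "Encrypted but NOT validated: the certificate presented is not trusted by this client. $($strict.Error)"
    }
    else {
        "Connection failed in both modes: $($relaxed.Error)"
    }
}
```

A successful strict pass shows that the server presented a certificate this client trusts for that name; `encrypt_option` alone reads TRUE in both passes and does not distinguish them.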

  • Hi Sue,

    Thank you for your guidance. 
    Will I have these options (TrustStore, ValidateServerCertificate etc), if I was to do an OLEDB connection to the server having the certificate setup? I could not find that online.

  • In reply to kkanaya - Thursday, June 7, 2018 7:48 AM:

    Other options are listed in this documentation :
    SqlConnection.ConnectionString Property

    Sue
