January 16, 2019 at 10:43 am
Hi,
Trying to setup TLS 1.2 on our DB servers.
I am using SQL2014 SP2 - so good there.
Do I have to create and install a certificate on the SQL server? I don't currently have one and was using TLS 1.0.
I have read many blogs and I can't figure out if it is required in order to use 1.2.
January 16, 2019 at 2:26 pm
No you don't need a certificate to use TLS1.2. Internally SQL is using by default automatically generated and self signed cert. You need a trusted cert if you use Force Protocol Encryption on the client, but you can also override the cert checking in connection string: TrustServerCertificate=True
https://support.microsoft.com/en-us/help/316898/how-to-enable-ssl-encryption-for-an-instance-of-sql-server-by-using-mi
January 17, 2019 at 7:45 am
Beyond the simple technical answer above, you might want to think about why you are enabling TLS 1.2? If its just to test it then trusted, self-signed certs are fine. However, if you are looking to roll this out across production servers, your audit requirements may include requirements for separate certificates. Not to mention that using them is more secure. Personally, I have been seeing tighter and tighter audit requirements showing up in our client audits, depending on your situation you may want to pre-empt that.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply