Forcing Client Encryption and Trust Server Certificate

  • Hi Folks,

    I am having a problem with the client allowing a SQL connection when the server has ForceEncryption set to Yes and Trust Server Certificate set to No and has no valid server certificate. I can see that the connection has become encrypted and the SSL packets are unintelligible, so SSL is working otherwise.

    I have read in BOL that if you force encryption on the client and don't trust the certificate, any client that tries to connect and does not have a certificate will not be allowed to connect. I have used the client network utility in Configuration Manager on the server to set ForceEncryption on and left Trust Server Certificate off. It then asked me to restart the service, which I thought was strange as I have multiple instances on the server (I just restarted the instance I wanted encryption for) and I thought I was doing this configuration for the clients. Anyway, I tried to get an SSMS connection on a different machine that did not trust the server certificate, but it still allows me into the instance no matter whether or not I changed the encrypt option at login in SSMS.

    Why can I get a connection to my server when my client does not trust the server certificate and I specify on my SQL Server that it should?

  • I feel quite embarrassed, as it seems that the client was actually trusting the server certificate.

    It seems that as long as you have any certificate in the client computer's trusted CA store that comes from the CA the server certificate was requested from, then that is all you need. It seems I did not understand how CAs work.
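    The two points in this thread (whether the client really refuses an untrusted chain when TrustServerCertificate is off, and that only the issuing CA needs to be in the client's trusted store) can be checked from the client machine with the following script. It is an added example, not code from the thread; the instance name, the issuing CA's CN and the use of Windows authentication are placeholder assumptions.

```powershell
# Added example (not from the thread). Placeholders: $Server is the instance under
# test, $IssuerCN is the CN of the CA that issued the server certificate.
param(
    [string]$Server   = 'SQLHOST\INSTANCE01',
    [string]$IssuerCN = 'Corp-Root-CA'
)

# Open a connection with encryption required and certificate validation on or off.
# With TrustServerCertificate=False the client validates the chain; if the issuer
# is not in the local trusted root store, Open() throws instead of falling back.
function Test-SqlEncryptedConnection {
    param([string]$Server, [bool]$TrustServerCertificate)
    $cs = "Server=$Server;Integrated Security=True;Encrypt=True;" +
          "TrustServerCertificate=$TrustServerCertificate;Connection Timeout=10"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        # sys.dm_exec_connections reports whether this session is actually encrypted.
        $cmd.CommandText = 'SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID'
        [pscustomobject]@{ TrustServerCertificate = $TrustServerCertificate; Opened = $true
                           EncryptOption = $cmd.ExecuteScalar(); Error = $null }
    } catch {
        [pscustomobject]@{ TrustServerCertificate = $TrustServerCertificate; Opened = $false
                           EncryptOption = $null; Error = $_.Exception.Message }
    } finally {
        $conn.Dispose()
    }
}

# List the trusted root stores on this client that contain the issuing CA. This is
# what decides the result above: the server certificate itself is never installed
# on the client, only the CA that issued it has to be trusted here.
function Get-TrustedIssuer {
    param([string]$IssuerCN)
    Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Subject -like "*CN=$IssuerCN*" } |
        Select-Object PSParentPath, Subject, Thumbprint, NotAfter
}

Test-SqlEncryptedConnection -Server $Server -TrustServerCertificate $false
Test-SqlEncryptedConnection -Server $Server -TrustServerCertificate $true
Get-TrustedIssuer -IssuerCN $IssuerCN
```

If the first call fails with a chain-trust error while the second succeeds with encrypt_option TRUE, the client is enforcing validation and the issuing CA is simply missing from the stores listed by the last call.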
