Todd's Blog

Todd's Tips for System Administrators


Securing SQL Traffic using Certificates

posted on February 11, 2015

I am deploying Microsoft BitLocker Administration and Monitoring (MBAM) for a customer, and one of the things we want to do is encrypt the traffic between the front-end application server and the SQL Server. Here is what the topology looks like from TechNet.

Securing the connection between the two servers is relatively straightforward. First, get a certificate from your favourite certificate authority (it can be internal or third party in this case, your choice) and import it into your personal certificate store. What kind of cert do you need? Check TechNet for the answer to that question. Basically, it needs to be able to handle server authentication. Once it is imported, right-click on the certificate and manage the keys.

Screenshot for managing certificates

Here you assign read access to the keys to the account that runs the database service which will use the certificate. In my case I used a service account of srvdbsi01, so I assigned that account Read rights.

Screenshot of the properties for manage keys

Open SQL Configuration Manager. Expand SQL Server Network Configuration and right-click on Protocols for MSSQLSERVER or whatever the name of the instance you want to secure is.

Screenshot of the properties for Protocols for SQL Server

Next, set the certificate by selecting it from the pull-down list.

Screenshot of the certificate for securing SQL Server

Then click on the Flags tab and set Force Encryption to Yes.

Screenshot of the Force Encryption setting for SQL Server

Now restart the SQL service and you’ll be good to go.
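To confirm the steps above took effect, the following PowerShell audit is an added example, not part of the original post. It reads back the Force Encryption flag and certificate that SQL Configuration Manager stored, checks the certificate for server authentication, and asks SQL Server whether the current session is encrypted. Assumptions: it runs elevated on the SQL Server host, `$InstanceName` and `$Server` are defaults to adjust, and the login running it has VIEW SERVER STATE.

```powershell
# Added example: audit the encryption settings after the service restart.
# $InstanceName and $Server are assumed defaults; change them for a named instance.
param(
    [string]$InstanceName = 'MSSQLSERVER',
    [string]$Server       = $env:COMPUTERNAME
)

# Resolve the instance ID and read the values SQL Configuration Manager wrote.
$sqlRoot    = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$instanceId = (Get-ItemProperty "$sqlRoot\Instance Names\SQL").$InstanceName
$netLib     = Get-ItemProperty "$sqlRoot\$instanceId\MSSQLServer\SuperSocketNetLib"

"ForceEncryption : $($netLib.ForceEncryption)  (1 = Yes)"
"Thumbprint      : $($netLib.Certificate)"

# Locate the configured certificate in the local computer's Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $netLib.Certificate }
if (-not $cert) { throw 'Configured certificate not found in Cert:\LocalMachine\My' }

# Server Authentication EKU OID. A certificate with no EKU extension reports False here.
$serverAuth = '1.3.6.1.5.5.7.3.1'
$now        = Get-Date
"Server auth EKU : $($cert.EnhancedKeyUsageList.ObjectId -contains $serverAuth)"
"Has private key : $($cert.HasPrivateKey)"
"Valid now       : $($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)"
"Subject         : $($cert.Subject)"

# Ask SQL Server whether this very connection is encrypted.
# The client does not request encryption, so TRUE means the server forced it.
$conn = New-Object System.Data.SqlClient.SqlConnection "Server=$Server;Integrated Security=SSPI"
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = 'SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID'
    "This session    : encrypt_option = $($cmd.ExecuteScalar())"
}
finally {
    $conn.Close()
}
```

If `encrypt_option` comes back FALSE after the restart, check the SQL Server error log for certificate load errors, which usually point to the service account lacking read access to the private key.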

Filed Under: Technology Tagged With: Certificates, Encryption, SQL, SQL Server, SSL
