I am deploying Microsoft Bitlocker Administration and Monitoring (MBAM) for a customer and one of the things we want to do is encrypt the traffic between the front end application server and the SQL Server. Here is what the topology looks like from TechNet.
Securing the connection between the two servers is relatively straight forward. First get a certificate from your favourite Certificate authority (can be internal or can be 3rd party in this case, your choice) and import it into your personal certificate store. What kind of cert do you need, check TechNet for the answer to that question. Basically it needs to be able to handle server authentication. Once imported, right-click on the certificate and manage the keys.
Here you assign read access to the keys to the account that runs the database service which will use the certificate. In my case I used a service account of srvdbsi01 so I assign that account the rights of read.
Open SQL Configuration Manager. Expand SQL Server Network Configuration and right-click on Protocols for MSSQLSERVER or whatever the name of the instance you want to secure is.
Next set the certificate by selecting it from the pull down list.
Then click on the flags tab and set the Force Encryption to Yes.
Now restart the SQL service and you’ll be good to go.