olymp
Starting Member
1 Post |
Posted - 2009-09-15 : 07:33:44
|
Hi there,

I’m trying to set up a SQL test system using the SQL2005 built-in SSL encryption; btw for several days now … I stopped sleeping and eating .. please help me. I’ve read several how-to’s, forum posts and documentation about this topic, and it must be nearly finished – but it still doesn’t work.

Setup:

My setup contains 2 PCs in one network.

PC A (Server):
Win Server 2003 (Domain Controller)
SQL Server 2005 SP3
IP: 192.168.1.100

PC B (Client):
Win XP SP2
SQL Client-tools 2005 SP3
IP: 192.168.1.101
Gateway: PC A

What works:

• PC B can log in to Windows using the domain login of PC A
• I’ve installed “IIS Service” and “CA Service” on PC A
• I managed to generate a certificate on PC A, with name = PCA_cert
• In “SQL Server Configuration Manager” I set the SQL Server Network Configuration flag “ForceEncryption” to YES, and I also selected the previously generated certificate in the certificate tab.
• On PC B, in “SQL Server Configuration Manager”, I set the SQL Client Network Configuration flag “UseEncryption” to YES.
• I used WireShark (on PC A) to see the content of the SQL packets between server and client. I found the packets.

What doesn’t work:

After activating the ForceEncryption option I thought there must be an error message when I try to connect with PC B (with client encryption = NO) to the SQL Server on PC A. But nothing happened; I got a regular connection with correct query results. When I used WireShark on PC A, I could read everything, in ForceEncryption=Yes and also in =No mode. So they were not encrypted.

Questions:

How does the certificate from PC A work on PC B exactly? Or where can I check if the certificate is transferred correctly? Is there anything basic I forgot to do with the certificate?

Did I use the SSL option correctly? Did I maybe forget some basic things?

Do I use WireShark correctly when I start it from PC A, or do I need a third PC for that task?

Thank you for reading the whole story :rolleyes:
|
ajitgadge
Starting Member
12 Posts |
Posted - 2009-09-18 : 05:37:44
|
Hi,

I did a similar kind of setup in my environment some time back. I am not able to recall exactly, but for sure:

1. You need to generate the private certificate key on PC A which PC B can read, so that network packets get encrypted while the Forcetoencrypt option is ON. You can see this packet encryption using WireShark.

2. I remember you also need to put some setting in the SQL Server Reg Key.
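Added example, not part of the thread: one way to check in a capture what encryption the server actually negotiated is to read the ENCRYPTION option from the first TDS packet each side sends (PRELOGIN), whose layout and values are defined in the MS-TDS specification. The function names and the sample packet below are constructed for illustration; real input would be the raw TDS bytes copied out of the capture.

```python
import struct

# ENCRYPTION option values from the MS-TDS specification (PRELOGIN message).
ENCRYPTION = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
              0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}
# What the server's answer means for the traffic that follows the handshake.
# With ENCRYPT_REQ a client that cannot encrypt is disconnected instead.
COVERAGE = {"ENCRYPT_OFF": "login packet only; queries and results are cleartext",
            "ENCRYPT_ON": "whole session",
            "ENCRYPT_REQ": "whole session",
            "ENCRYPT_NOT_SUP": "nothing"}

def prelogin_encryption(packet: bytes) -> str:
    """Return the ENCRYPTION option carried in one TDS PRELOGIN packet."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte TDS header")
    ptype, _status, length = struct.unpack(">BBH", packet[:4])
    # 0x12 is the client's PRELOGIN; the server answers with type 0x04.
    if ptype not in (0x12, 0x04) or length > len(packet):
        raise ValueError("not a complete PRELOGIN packet")
    payload = packet[8:length]
    pos = 0
    # Option table: 1-byte token, 2-byte offset, 2-byte length, ended by 0xFF.
    while pos < len(payload) and payload[pos] != 0xFF:
        if pos + 5 > len(payload):
            raise ValueError("truncated option table")
        token, offset, size = struct.unpack(">BHH", payload[pos:pos + 5])
        if token == 0x01:  # ENCRYPTION
            if size != 1 or offset >= len(payload):
                raise ValueError("malformed ENCRYPTION option")
            value = payload[offset]
            return ENCRYPTION.get(value, f"UNKNOWN(0x{value:02x})")
        pos += 5
    raise ValueError("no ENCRYPTION option in packet")

def sample_packet(ptype: int, enc: int) -> bytes:
    """Constructed PRELOGIN packet (VERSION + ENCRYPTION options), not a capture."""
    table = bytes([0x00, 0, 11, 0, 6,   0x01, 0, 17, 0, 1,   0xFF])
    payload = table + bytes([9, 0, 0x0F, 0xC3, 0, 0]) + bytes([enc])
    return struct.pack(">BBHHBB", ptype, 1, 8 + len(payload), 0, 1, 0) + payload

if __name__ == "__main__":
    for enc in (0x00, 0x03):
        answer = prelogin_encryption(sample_packet(0x04, enc))
        print(f"server answered {answer}: encrypted = {COVERAGE[answer]}")
```

A server that answers ENCRYPT_OFF after ForceEncryption was switched on is still running with the old setting.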
 |