RE: How to enable 2-way SSL encryption
From: Michael, Cheng [MSFT] (v-mingqc_at_online.microsoft.com)
Date: 04/24/04
- In reply to: Yuh-MIng Shyy: "How to enable 2-way SSL encryption"
Date: Sat, 24 Apr 2004 09:50:04 GMT
Hi Yuh-Mlng,
From your description, I understand that you would like to know something
about SSL encryption and connection between two machines.
Based on my knowledge, authentication is provided through the use of a
digital signature. This digital signature takes the form of a certificate
which is administered from a Certificate Authority. For more information,
there is a good blurb in article q205698, "Submit a certificate request to
this CA using a form." Another good article is q245152, "How Secure
Sockets Layer Works."
SQL Server 2000 implements SSL. There are two main setup procedures to
implement SSL:
Enable SSL on the SQL Server - following this procedure results in all client
connections to SQL Server implementing SSL. This requires two steps:
1. Create a valid certificate from a Certificate Authority on the SQL Server
2. Enable Force protocol encryption in the SQL Server Network Utility.
Enable SSL on individual clients - following this procedure results in
implementing secure connections between SQL Server and only those clients
configured for secure connections. Example - you have approx 100 clients
that connect to SQL 2000 server, but you only require two connections be
secure. This is a good example of where client configured secure sockets
may be arguably a better, more efficient implementation. To set up client
SSL to SQL Server:
1. Create a valid certificate from a Certificate Authority on the SQL Server
2. Set up client with Trusted Root CA certificate - basically certificate so
that client trusts the CA that gave SQL Server its certificate.
3. On the client, enable "Force protocol encryption" in the SQL Server Client
Network Utility.
NOTICE that force protocol encryption may have some performance impact on
your SQL Server in some cases.
Moreover, you could have a look at
INF: How SQL Server Uses a Certificate When the Force Protocol Encryption
Option is Set On
http://support.microsoft.com/?id=318605
HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate Server
http://support.microsoft.com/?id=276553
HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft Management
Console
http://support.microsoft.com/?id=316898
In addition, if you are unfamiliar with PKI, I would like to recommend the
documents below
An Introduction to the Windows 2000 Public-Key Infrastructure
http://www.microsoft.com/technet/archive/windows2000serv/evaluate/featfunc/pkiintro.mspx
which will give you a brief introduction for Windows 2000 PKI
Hope this helps and if you have any questions or concerns, don't hesitate
to let me know. We are here to be of assistance!
Sincerely yours,
Michael Cheng
Microsoft Online Support
***********************************************************
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks.
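A way to check the certificate steps listed in the message above before turning on Force protocol encryption, added here as an example that is not part of the original post or of Microsoft's documentation. Assumptions: `Test-SqlServerCertificate` is a hypothetical helper name, `sqlhost.example.com` is a placeholder, the certificate sits in the local computer's Personal store, and it is expected to carry the Server Authentication usage and a subject name equal to the server's fully qualified name.

```powershell
# Added example. Test-SqlServerCertificate is a hypothetical helper name.
function Test-SqlServerCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$ServerFqdn
    )

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication EKU

    # Chain building uses this machine's certificate stores. It fails when the
    # issuing CA's root is missing from Trusted Root Certification Authorities,
    # which is the condition step 2 of the client procedure is meant to fix.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($Certificate)
    $chainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # Collect the EKU OIDs; a certificate with no EKU extension yields an empty list.
    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        InValidity    = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        NameMatches   = ($Certificate.GetNameInfo('SimpleName', $false) -ieq $ServerFqdn)
        ServerAuthEku = ($ekuOids -contains $serverAuthOid)
        HasPrivateKey = $Certificate.HasPrivateKey
        ChainTrusted  = $chainOk
        ChainErrors   = $chainErrors
    }
}

# On the server: audit every certificate in the local computer's Personal store.
# 'sqlhost.example.com' is a placeholder for the server's fully qualified name.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-SqlServerCertificate -Certificate $_ -ServerFqdn 'sqlhost.example.com' } |
    Format-List
```

On a client, pass the server's exported public certificate (loaded as an `X509Certificate2` object) to the same function: `ChainTrusted` stays false until the issuing CA's root has been installed on that client, and `HasPrivateKey` is expected to be false there.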