Re: Does Force Protocol Encryption on Server Require Certificate to be Installed on Client?


From: nasteric (nasteric_at_yahoo.com)
Date: 06/07/04


Date: 7 Jun 2004 09:05:02 -0700

I found a good article.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT19.asp

"Note that, in all cases, SQL Server sends its server authentication
certificate in the clear to the client at the beginning of the
communication sequence. This is part of the SSL protocol. Note that
this occurs even when neither the server nor the client requires
encryption."

nasteric@yahoo.com (nasteric) wrote in message news:<e651d8ae.0406012052.5e1c2f41@posting.google.com>...
> So I was able to enable the option to Force Protocol Encryption using
> SQL. However, I was still able to connect to this instance of SQL
> using the Query Analyzer tool from a machine without the certificate
> (public key) installed.
>
> This leads me to believe that the client connected to the server w/out
> encrypting communications or that the client doesn't require a
> certificate in order to connect (encrypted) to the instance of SQL now
> configured to force protocol encryption. As a result, I have the
> following question.
>
> Once protocol encryption is enabled on the server using the SQL Server
> Network Utility, must the certificate (public key) be installed on the
> client in order to access SQL on the server (now configured to force
> protocol encryption)?
>
> What does it mean when I connect to the instance of SQL from a machine
> w/out the certificate? How is this working? Are communications still
> encrypted from client to server?
>
> Thanks in advance for any help/direction.
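
The question of whether the session is really encrypted can be checked from the server's reply in the TDS pre-login exchange, where SQL Server states its encryption setting before any TLS handshake starts. The following is an added example, not part of the original post or the linked article: it assumes the PRELOGIN layout and ENCRYPTION values from Microsoft's MS-TDS specification, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Option tokens and ENCRYPTION values as defined in MS-TDS (assumed, not from the post).
TOKEN_ENCRYPTION = 0x01
TOKEN_TERMINATOR = 0xFF
ENCRYPTION_NAMES = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
                    0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}

def parse_prelogin_encryption(packet: bytes) -> str:
    """Return the ENCRYPTION option name from one TDS PRELOGIN response packet."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte TDS header")
    ptype, _status, length = struct.unpack(">BBH", packet[:4])
    if ptype != 0x04:  # the server answers PRELOGIN with a tabular-result packet
        raise ValueError(f"unexpected TDS packet type 0x{ptype:02x}")
    if length != len(packet):
        raise ValueError("TDS header length does not match packet size")
    payload, pos = packet[8:], 0
    while True:  # option table: token(1) offset(2) length(2), ended by 0xFF
        if pos >= len(payload):
            raise ValueError("option table has no terminator")
        token = payload[pos]
        if token == TOKEN_TERMINATOR:
            raise ValueError("ENCRYPTION option not present")
        if pos + 5 > len(payload):
            raise ValueError("truncated option entry")
        offset, size = struct.unpack(">HH", payload[pos + 1:pos + 5])
        if token == TOKEN_ENCRYPTION:
            if size != 1 or offset + size > len(payload):
                raise ValueError("malformed ENCRYPTION option")
            return ENCRYPTION_NAMES.get(payload[offset], f"UNKNOWN(0x{payload[offset]:02x})")
        pos += 5

def build_sample_response(encryption: int) -> bytes:
    """Constructed sample packet (VERSION + ENCRYPTION options), not a capture."""
    table = bytes([0x00]) + struct.pack(">HH", 11, 6)   # VERSION data at offset 11
    table += bytes([0x01]) + struct.pack(">HH", 17, 1)  # ENCRYPTION data at offset 17
    table += bytes([TOKEN_TERMINATOR])
    data = bytes([8, 0, 0, 194, 0, 0, encryption])      # made-up version, then the flag
    payload = table + data
    header = struct.pack(">BBHHBB", 0x04, 0x01, 8 + len(payload), 0, 1, 0)
    return header + payload

def server_forces_encryption(packet: bytes) -> bool:
    """True when the server's PRELOGIN reply says encryption is required."""
    return parse_prelogin_encryption(packet) == "ENCRYPT_REQ"
```

Feed it the first server packet from a packet capture of the connection; the reply only shows what the server requires, not whether the client validated the certificate it was sent.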


