Securing the connection from AppScan® Enterprise to SQL Server
This procedure describes how to install a certificate on a computer that is running Microsoft™ SQL Server by using Microsoft™ Management Console (MMC) and describes how to enable SSL Encryption at the server.
Before you begin
- If you are creating an SSL certificate on the computer that hosts SQL Server, make sure that IIS is installed on that computer or this procedure won't work.
- If you are using a purchased SSL certificate, or one that was generated from an internal certificate authority, start at Step 2 of this procedure.
About this task
When you secure the connection on the SQL Server computer, the SQL Server encrypts its connection by using SSL. When the AppScan Enterprise Server tries to connect to the SQL Server, the SQL Server lets the AppScan Enterprise Server know that it's going to use an SSL connection during the initial handshake, and they communicate that way. The AppScan Enterprise Server knows how to talk to the SQL Server over SSL. The SQL Server uses the certificate to encrypt to connection and exchanges that information with the AppScan Enterprise Server.
Procedure
-
On the computer that hosts SQL Server, create an SSL certificate:
- Go to .
- Give the certificate a name, click OK and Export the certificate.
- Close IIS Manager.
-
On the computer that hosts SQL Server, start MMC console (
).
-
Open SQL Server Configuration Manager:
- Expand SQL Server Network Configuration right-click Protocols for <sql server name> and then select Properties.
- On the Flags tab, select Yes in the Force encryption box, and then click OK.
- Select the certificate from the Certificate tab and click OK to close the window.
- Restart the SQL Server service.
- If you are running SQL Server with a non-privileged service
account, you must enable the private key to be readable by the SQL
Server service account. Follow the steps in this article: Permissions required for SQL Server Service account
to use SSL certificate.Note: Read these sections: "Few more tips while enabling the encrypted connection" and "Permissions to the Private Key portion of the Imported Certificate - FIX" in this article: Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager).