SSL in SQL Server 2005 [Il-Sung Lee]

re: SSL in SQL Server 2005 [Il-Sung Lee]

ShadowChaser — Sat, 06 Aug 2005 05:19:25 GMT

Wow... does this actually mean that "SQL Server Authentication" login packets are finally encrypted, or does this only apply somehow to Integrated Security?

Your posting definately seems to imply that it *does* encrypt user/pass logins, but it's still hard for me to believe, one of those "pinch me I must be dreaming" type of things :D

You have no idea how long your customers have been waiting for this!

re: SSL in SQL Server 2005 [Sushil Chordia]

DataWorksBlog — Tue, 09 Aug 2005 00:18:05 GMT

Hi shadowchaser, Thanks for your comment/feedback. This applies to all login packets and not just specific to Integrated Security.

re: SSL in SQL Server 2005 [Il-Sung Lee]

Matt Flynn — Fri, 07 Apr 2006 18:56:46 GMT

Hi Il-Sung,

I have recently upgraded to SQL 2005 from SQL 2K. The whole upgrade process was fairly seemless with the big exception of encryption.

As soon as we upgraded, all of our ASP.NET apps that were using Encrypt=True in their connection strings simply stopped working. Nothing else on either box, the server or the client, was changed. We changed the connection string to Encrypt=False and the apps work like they should, aside from not being encrypted. So my question is, what could cause this?

We have tried just about every MS KB article and recommendation we can find. We created new certificates using a CA server. We made sure they have had private keys and allowed server authentication. Force protocol encryption is set to YES on the server.

In the How section above, you mention in #1 about using the certificate the admin has specified. Well, we have never been able to get the certificate we create to appear in the list. We are logging on the server as the domain admin and starting the service under the same account.

Any ideas why we can't see the cert in the list or why the encryption failed after a SQL upgrade?

We're in much need of help on this as it's already been two long weeks trying to resolve.

Many thanks!

-Matt

re: SSL in SQL Server 2005 [Il-Sung Lee]

SQL Protocols — Sat, 08 Apr 2006 03:52:25 GMT

Hi Matt,

I'll try to help you get you back up and running as fast as I can. The only thing that I can think of is that the certificates that you are generating and the one you used for SS2K do not meet the stricter requirements of SS2K5. Please have a look at this post to see what properties we require from a cert:
http://blogs.msdn.com/sql_protocols/archive/2005/12/30/508311.aspx.

Incidentally, I'm assuming that this is you in this forum thread, http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=335106&SiteID=1? If so, I'd like to move our future correspondance to the forum so we can consolidate the discussion.

Thanks,
Il-Sung.

re: SSL in SQL Server 2005 [Il-Sung Lee]

Matt Flynn — Mon, 10 Apr 2006 20:22:51 GMT

Yes, that's me. I'll move discussion there....

SQL Protocols : Certificate for SQL Server 2005

SQL Protocols : Certificate for SQL Server 2005 — Thu, 27 Apr 2006 03:32:46 GMT

PingBack from http://blogs.msdn.com/sql_protocols/archive/2005/12/30/508311.aspx

re: SSL in SQL Server 2005 [Il-Sung Lee]

Michael — Sun, 21 May 2006 17:22:32 GMT

Hi, I am fairly new to SQL 2005. If I connect to my client's SQL server via SQL Server Management Studio using default setting, does it means it will automatically encrypt the login info?

I tried to tick the option "Encrypt connection" but it came back with message saying:

"A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an untrusted authority.) (Microsoft SQL Server, Error: -2146893019)"

Does it mean I can only use Encrypt connection if the client's server has SSL installed?

Thx

re: SSL in SQL Server 2005 [Il-Sung Lee]

Il-Sung — Sat, 03 Jun 2006 00:29:05 GMT

Hi Michael,

If you are connecting from an ADO.Net application to a SQL Server 2005 server, then the login packet will be encrypted. So if by "pose any security issue" you mean that you are concerned about clear-text password on the wire, then you're fine.

Il-Sung.

re: SSL in SQL Server 2005 [Il-Sung Lee]

Nir — Tue, 06 Jun 2006 10:23:04 GMT

Hi Il-Sung,

How do you set, at the client, the "Trust Server Certificate" flag to override the server validation.

Thanks,

Nir

re: SSL in SQL Server 2005 [Il-Sung Lee]

Mauro SB. — Mon, 10 Jul 2006 17:07:35 GMT

i ve read that when using self signed cert in sql2005, the error "the certificate chain was issued by an untrusted authority".
A simply change in the conn string to "TrustServerCertificate=true" can workaround the problem, but what happen when you dont have acces to this conn string I.e. when you use "OSQL". it happened to me ,when i upgraded a website using OSQL from w2k to w2003(its uses SSL in the IIS that cant be shut down) i suppose that this w2003 service is forcing OSQL to connect using SSL. what do you suggest?

Особенности реализации SSL шифрования в SQL Server 2005

Yan Liberman — Sat, 09 Jun 2007 08:33:43 GMT

Этот пост посвящен использованию сертификата с собственной подписью (self-signed

Restrict Access to SQL Server using "Certificates"

SQL Server Security, Performance and Tuning - (SSQA) — Mon, 02 Jul 2007 12:45:08 GMT

Within SQL Server 2005 you could take help of certificates to restrict the access from a particular client's

Data Access blog SSL in SQL Server 2005 Il Sung Lee | Outdoor Ceiling Fans

Data Access blog SSL in SQL Server 2005 Il Sung Lee | Outdoor Ceiling Fans — Sun, 31 May 2009 16:18:23 GMT

PingBack from http://outdoorceilingfansite.info/story.php?id=5161