Using SSL encrypt connection between Client and SQL Server

MSSQL-Feature-Image

We can use TDE,Row-level security or Dynamic Data Masking to protect data within database.
However, the connection between Client and MS SQL server does not have any protection by default.
As a result, we need to use SSL encrypt the connection between client and MS SQL.

Prepare:
You need to setup Active Directory Certificate Service (AD CS) to publish certificate to MS SQL server.

We will use Microsoft Network Monitor 3.4 to capture the data between client and MS SQL server.
We need reboot the pc after install Microsoft Network Monitor 3.4.
If not, Microsoft Network Monitor will not detect PC’s NIC.

How to enable SSL to encrypt the data between client and MS SQL Server:

1. Request Certificate which is used to encrypt data:

a. Click “Start” > type “mmc.exe”
b. Click “File” > select “Add/Remove Snap-ins” > select “Certificate” > click “add”
c. Select “Computer account” > click “Next” > select “Local Computer” > click “Finish” > click “OK”
d. Expand “Certificates” > right-click “Personal” > select “All Tasks” > click “Request New Certificate”
e. Click “Next” > Check “Computer” > click “Enroll” > click “Finish”
f. Right-click the certificate > select “All Tasks” > select “Manage Private Keys…”
g. Assign “read” permission to local account “NT Service\MSSQLSERVER”.

2. Enable SSL

a. Open “SQL Server 2016 Configuration Manager”
b. Expand “SQL Server Network Configuration” > right-click “Protocols for MSSQLSERVER” > select “Properties”
c. At “Flags” lab, change “Force Encryption” form “No” to “Yes”
d. At “Certificate” lab, select certification which is created at Step 1. > Click “OK”
e. Select “SQL Server Services” > right-click “SQL Server(MSSQLSERVER)” to restart MS SQL.

Author: Joe Chan