Var-2545 asked Var-2545 commented

SQL Server SSL Connection without valid cert.

We have enabled SSL encryption on SQL Server in our environment. Currently the application is able to connect to SQL Server with or without a valid certificate. I understand that SSL/TLS is for encryption purposes, but is there a way that SQL Server can reject the connection if the client certificate is not valid, or reject connections without any certificates?

I can see the connections are encrypted using a SQL command, but I am not sure our implementation is correct, as clients with/without valid certs are able to connect. Do we need to enable any feature to reject connections without valid certs?

Regards.
Varun

sql-server-general

Hi @Var-2545,

We have not received a response from you. Did the reply help you? If the response helped, please click "Accept Answer". If not, please let us know. By doing so, it will benefit all community members who are having a similar issue. Your contribution is highly appreciated.


1 Answer

Cathyji-msft answered Var-2545 commented

Hi @Var-2545,

> but is there a way that SQL Server can reject the connection if the client certificate is not valid or connections without any certificates?

Yes. Did you enable TrustServerCertificate in the client configuration? If "TrustServerCertificate" is not enabled in the client configuration, a provisioned server certificate is still required. Your connection without a valid certificate will fail.

Refer to MS document Using Encryption Without Validation in SQL Server Native Client.


If the response is helpful, please click "Accept Answer" and upvote it, thank you.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



Hi Cathyji-msft,

Thanks for the update. Understood that if "TrustServerCertificate" is not enabled in the client config, the connection will fail. I have one last query: if client-side "TrustServerCertificate" is set to true, will SQL Server encrypt the connection, provided SSL is enabled on the server?


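An added example, not part of the thread or of any Microsoft tooling: the Python below classifies client connection strings by the `Encrypt` and `TrustServerCertificate` settings discussed in the answer, so that clients which encrypt without validating the server certificate can be found and corrected. The sample connection strings, host names, posture labels and function names are constructed for illustration, and a missing `Encrypt` keyword is assumed to mean encryption is not requested, which is the default only in older drivers.

```python
# Added example: classify the TLS posture of SQL Server client connection strings.
# Assumption: a missing Encrypt keyword means "not requested" (older driver
# default). Newer drivers encrypt by default, so check the driver in use.
# Limitation: quoted values that contain ';' are not handled.

ENCRYPT_ON = {"true", "yes", "mandatory"}
TRUST_ON = {"true", "yes"}

# Constructed sample connection strings (hypothetical hosts and databases).
SAMPLES = {
    "app-a": "Server=db01.example.internal;Database=Sales;Encrypt=True;TrustServerCertificate=False",
    "app-b": "Server=db01.example.internal;Database=Sales;Encrypt=yes;Trust Server Certificate=true",
    "app-c": "Server=db01.example.internal;Database=Sales;Integrated Security=SSPI",
    "app-d": "Server=db01.example.internal;Database=Sales;Encrypt=Strict;TrustServerCertificate=True",
}


def parse_conn_str(conn_str):
    """Split 'Key=Value;...' into a dict keyed by lower-cased, space-free names."""
    settings = {}
    for part in conn_str.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        settings[key.strip().lower().replace(" ", "")] = value.strip().strip("'\"{}")
    return settings


def tls_posture(conn_str):
    """Return how the client treats encryption and the server certificate."""
    s = parse_conn_str(conn_str)
    encrypt = s.get("encrypt", "").lower()
    trust = s.get("trustservercertificate", "").lower() in TRUST_ON
    if encrypt == "strict":
        # Strict mode always validates; TrustServerCertificate is ignored.
        return "encrypted-validated"
    if encrypt in ENCRYPT_ON:
        # Encrypted either way; trust=true skips server certificate validation.
        return "encrypted-unvalidated" if trust else "encrypted-validated"
    # Client does not require TLS; the server's Force Encryption setting decides.
    return "server-decides"


if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        print(f"{name}: {tls_posture(conn)}")
```

Strings reported as `encrypted-unvalidated` are the ones to move to `TrustServerCertificate=False` once the server presents a certificate the client can validate.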