Share via

How to Configure Secure Communications with the Commerce Server Databases

  • Article

For a secure deployment, it is recommended that commerce data transmitted between the Microsoft Commerce Server 2009 R2 site and the Commerce Server 2009 R2 databases hosted on SQL Server instances in the data tier are encrypted using Secure Sockets Layer (SSL).

This topic provides guidance information to help you setup an encrypted connection to Commerce Server 2009 R2 databases.

Prerequisites

  • You must be familiar with the management of encryption certificates.

  • You are familiar with SSL encryption with Microsoft SQL Server. For information about configuring the commerce database server to encrypt data transmitted across a network between an SQL Server instance and an SQL Server client, see https://go.microsoft.com/fwlink/?LinkId=208742.

SSL for SQL Server Using ForceEncryption

When the ForceEncryption option on the SQL Server Database Engine is used (the ForceEncryption option on the SQL Server Database Engine is set to Yes), communication with all SQL Server clients is encrypted. In this case, no further action is required in Commerce Server 2009 R2 for commerce data to be encrypted in connections to the SQL Server Database Engine.

Client Requested SSL Encryption

If not enforced by the SQL Server Database Engine (the ForceEncryption option on the SQL Server Database Engine is set to No), then encryption must be requested by the client. In order to configure Commerce Server 2009 R2 to request encryption for connections to an SQL Server instance, you use Commerce Server Manager to edit the appropriate Commerce Server 2009 R2 database connection strings. In Commerce Server Manager, connection string values are specified under Global Resources and Site Resources.

For any particular connection string that should request an encrypted connection to the SQL Server Database Engine, modify the Use Encryption for Data property by changing its value to True.

For information on how to use Commerce Server Manager to change connection strings, refer to the following procedures: