We have an application that requires bi-directional data transfer between 2
SQL servers. To ensure the data transfer is encrypted, we
are considering using SQL Server SSL encryption. However, the
problem is that in this case, each machine is acting as both client and
server for SSL encryption. So is there any way to do this? As far as
I know, we can turn on this "enforce protocol encryption" option
on either client or server, but not both. Besides, will this mean
we need to install a certificate on every machine?
If this is not possible in SQL Server, is there any other way
to achieve the same goal?
Thanks.

The protocol encryption requires the use of certificates.
Read this if you're unfamiliar with PKI
http://www.microsoft.com/technet/ar...uate/featfunc/pkiintro.mspx
If you want encryption going both directions then enable it on the
serverside.
This would require certificates on both machines. If the certificates are
issued by the same CA, then it won't be a problem.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.

Hi Kevin:
Thanks a lot for the information. I have tried the following and still have
some problems:
I install the certificates on both machines.
I turn on the "server" encryption on machine-1.
I turn on the "client" encryption on machine-1 too.
Start my application, cannot connect to the database - from either machine.
However, if I only turn on the "server" encryption on machine-1,
then application works.
My question is, in this case, I think the connection from machine-2 to
machine-1 is encrypted, but is the connection from machine-1
to machine-2 also encrypted?
Yuh-Ming
"Kevin McDonnell [MSFT]" <kevmc@.online.microsoft.com> wrote in message
news:roYhgmXKEHA.928@.cpmsftngxa10.phx.gbl...
> The protocol encryption requires the use of certificates.
> Read this if you're unfamiliar with PKI
> http://www.microsoft.com/technet/ar...uate/featfunc/pkiintro.mspx
> If you want encryption going both directions then enable it on the
> serverside.
> This would require certificates on both machines. If the certificates are
> issued by the same
> CA, then it won't be a problem.
>
> Thanks,
> Kevin McDonnell
> Microsoft Corporation
> This posting is provided AS IS with no warranties, and confers no rights.
>
>

Turning on encryption at the server 1 allows all communication to be
encrypted.
There's no need to enable encryption on the client as well.
Turn on encryption at both servers using the server network utility and I
think you'll have what you need.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
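
To check the result the thread arrives at, that each direction is covered by the encryption setting on the server receiving the connection, the query below can be run on machine-1 and again on machine-2. It is an added example, not part of the original posts, and assumes SQL Server 2005 or later (where the sys.dm_exec_connections view exists) and a login with VIEW SERVER STATE permission.

```sql
-- Added example (not from the thread). Assumes SQL Server 2005 or later.
-- Run on machine-1 to inspect connections coming in from machine-2,
-- then run on machine-2 to inspect connections coming in from machine-1.
-- Each row group shows one remote client and whether its connections
-- to THIS server are encrypted.
SELECT
    c.client_net_address,              -- address of the connecting machine
    s.host_name,                       -- workstation name reported by the client
    s.program_name,                    -- application name reported by the client
    c.net_transport,                   -- TCP, Named pipe, Shared memory, ...
    c.encrypt_option,                  -- 'TRUE' when the connection is encrypted
    COUNT(*)            AS connection_count,
    MIN(c.connect_time) AS oldest_connection
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
GROUP BY
    c.client_net_address,
    s.host_name,
    s.program_name,
    c.net_transport,
    c.encrypt_option
-- Unencrypted connections ('FALSE') sort first so they are easy to spot.
ORDER BY
    c.encrypt_option,
    c.client_net_address;
```

If any row for the other server shows encrypt_option = 'FALSE', encryption is not being enforced on the machine where the query was run.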
Friday, March 23, 2012
How to enable SSL encryption as BOTH client and server