beautypg.com

Configuring ssl for sql server – HP Systems Insight Manager User Manual

Page 112

background image

Installing a certificate on a server with Microsoft Management Consold (MMC)

To use SSL encryption, you must install a certificate on the server where SQL Server is running.
Complete the following steps to install the certificate by using the MMC snap-in.

Procedure 25 Configuring the MMC Snap-in

1.

Open the certificates snap-in:

a.

Open the MMC console by clicking Start

→Run. The Run window opens.

b.

Enter MMC.

c.

From the Console menu, select Add/Remove Snap-in.

d.

Click Add, and then click Certificates.

e.

Click Add. You will be prompted to open the snap-in for the current user account, the
service account, or for the computer account.

f.

Select Computer Account.

g.

Select Local computer, and then click Finish.

h.

In the Add Standalone Snap-in box, click Close.

i.

In the Add/Remove Snap-in bx, click OK. Your installed certificates are located in the
Certificates folder in the Personal folder.

2.

Install the certificate on the server using the MMC snap-in.

a.

If you want to enable encryption for a specific client or clients, skip this step and proceed
to

“Configuring SSL for SQL Server” (page 112)

.

b.

Select the Personal folder in the left-hand pane.

c.

Right-click the right-hand pane, point to All Tasks, and then click Request New Certificate.
The Certificate Request Wizard window opens.

d.

Click Next.

e.

Select Certificate type is "computer".

f.

In the Friendly Name text box, enter a friendly name for the certificate, or leave the box
blank, and then complete the wizard. After the wizard completes, you will see the
certificate in the folder with the fully qualified computer domain name.

Configuring SSL for SQL Server

Procedure 26 Configuring SSL for SQL Server

1.

Configure SSL:

a.

In the Microsoft SQL Server program group, click Start, and to Configuration Tools.

b.

Click SQL Server Configuration Manager.

c.

Expand SQL Server Network Configuration, right-click the protocols for the server you
want, and then click Properties.

d.

On the Flags tab, view or specify the protocol encryption option. The login packet will
always be encrypted.

When the ForceEncryption option for the Database Engine is set to Yes, all
client/server communication is encrypted and clients that cannot support encryption
are denied access.

When the ForceEncryption option for the Database Engine is set to No, encryption
can be requested by the client application, but is not required.

SQL Server must be restarted after you change the ForceEncryption setting.

112

Understanding HP SIM security