Databases Reference
In-Depth Information
Figure 10.2
Forcing SQL
Server to serve only
encrypted sessions.
Server will now accept only sessions that are encrypted. You must remem-
ber that it is not enough to turn this option on; in order for encryption to
occur, the server must have a valid certificate from which it can derive the
keys to perform the encryption. This requirement is common to all SSL-
based facilities, regardless of the database platform. In the example shown
here, SSL encryption will only work if your instance of SQL Server 2000
is running on a computer that has been assigned a certificate from a public
certification authority. The computer on which the application is running
must also have a root CA certificate from the same authority. Thus, SQL
Server relies on certificate management facilities, which are part of the
Windows operating system (or ActiveDirectory for simpler key manage-
ment). If you do not have a certificate on your server, SQL Server will not
start up and you will get an error in your Application Event Log, as shown
in Figure 10.3.
SSL is an industry standard, and as such, most modern database systems
support the use of SSL for encrypting data-in-transit. Let's look at another
example for setting up SSL-based communications for MySQL on a Linux
system. To complete an SSL-based configuration, follow these steps:
Search WWH ::
Custom Search