SAM2009
asked on
How can an SSL connection work without an SSL cert installed on Windows SQL 2008 R2?
Hi,
I have an application installed on a Linux server which has the EasySoft ODBC driver, and this application connects to a SQL Windows 2008 R2 server by SSL. What I am trying to understand is how it can connect by SSL without a certificate installed on the SQL server.
I'm not familiar with ODBC; maybe there is something already configured on the Linux side...
Could you help me to understand that?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The KB says -
<<
You can verify that SQL Server has successfully generated a self-signed SSL certificate by checking the SQL Server error log for a line containing:
A self-generated certificate was successfully loaded for encryption.
>>
Have you done that?
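The log check from the KB quoted above, as an added example that is not part of the original thread: it scans a SQL Server ERRORLOG for the "loaded for encryption" line and reports whether the instance is running on a self-generated certificate, which encrypts the channel but gives clients no CA chain to validate the server against. The sample log lines are constructed, and treating any other "was successfully loaded for encryption." line as an installed certificate is an assumption.

```python
import re

# Line the KB quoted in this thread tells you to look for.
SELF_GENERATED = "A self-generated certificate was successfully loaded for encryption."
# Assumption: any other "... was successfully loaded for encryption." line
# means an installed (provisioned) certificate was picked up instead.
LOADED = re.compile(r"^(\S+ \S+)\s+(\S+)\s+(.*was successfully loaded for encryption\.)\s*$")


def decode_errorlog(raw: bytes) -> str:
    """ERRORLOG files are normally UTF-16 with a BOM; fall back to UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def certificate_status(raw: bytes) -> dict:
    """Classify the certificate the instance loaded, using the last match."""
    status = {"kind": "not-logged", "timestamp": None, "message": None}
    for line in decode_errorlog(raw).splitlines():
        m = LOADED.match(line)
        if not m:
            continue
        timestamp, _source, message = m.groups()
        kind = "self-generated" if message == SELF_GENERATED else "installed"
        status = {"kind": kind, "timestamp": timestamp, "message": message}
    return status


# Constructed sample logs (not taken from the thread).
SAMPLE_SELF = (
    "2012-03-05 10:15:22.45 Server      A self-generated certificate was successfully loaded for encryption.\r\n"
    "2012-03-05 10:15:22.47 Server      Server is listening on [ 'any' <ipv4> 1433].\r\n"
).encode("utf-16")
SAMPLE_INSTALLED = (
    '2012-03-05 10:15:22.45 Server      The certificate [Cert Hash(sha1) "<PLACEHOLDER-THUMBPRINT>"] '
    "was successfully loaded for encryption.\n"
).encode("utf-8")

if __name__ == "__main__":
    for name, raw in (("self", SAMPLE_SELF), ("installed", SAMPLE_INSTALLED)):
        print(name, certificate_status(raw))
```
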
ASKER
Yes, I see that. But tell me, on the Easysoft ODBC site it says:
"Self-signed SSL certificates SQL Server 2005 can make SSL encryption available even if an SSL certificate has not been installed on the SQL Server machine. It does this by generating a self-signed SSL certificate. The Easysoft ODBC-SQL Server Driver supports SSL encryption through either a self-signed certificate or a certificate issued by a certificate authority (CA)."
When they say: "even if an SSL certificate has not been installed on the SQL Server machine", what does it mean?
Thanks
ASKER CERTIFIED SOLUTION
ASKER
So all cert generation is done by the EasySoft ODBC driver?
SOLUTION
ASKER
Ah OK, I see... because I'm only used to seeing a cert installed on a Windows server but did not know that SQL can generate its own temp cert.
Yes, in this case SQL generates its own when the connection is established via the EasySoft ODBC driver.
ASKER
Is that normal behavior from SQL, or does a special config need to be set?
Not sure I understand your last question.
If you configure your SQL server to require an encrypted channel for all client connections, the SQL server requires a certificate to operate. In the absence of an installed CA-issued SQL server certificate, the SQL service will generate a self-signed certificate, without which the server cannot operate/function.
You could change the SQL config not to require a secure connection; however, it is not a guarantee since I think the client can request a secure connection based on its settings, at which point the SQL server will repeat generating its own self-signed cert....
ASKER
When you said: "You could change the SQL config not to require a secure connection; however, it is not a guarantee since I think the client can request a secure connection based on its settings at which point the SQL server will repeat generating its own self signed cert...."
I think you are right because I did not see encryption set to yes in the SQL server settings.
So in my case EasySoft uses OpenSSL to connect to my SQL server and it forces SQL to generate its own certificate (because of the client request).
Yes. The SQL server's functionality is to have the client and server negotiate a connection. The SQL server can be set to require a secure communication channel.
The client can also be set to require a secure communication channel. The connection can only be established when both sides negotiate.
SQL server cannot be restricted to only non-secure communication...
ASKER
Hey guys thank you very much for your help and explanation!