Link to home
Start Free TrialLog in
Avatar of SAM2009
SAM2009Flag for Canada

asked on

How SSL connection can works without SSL Cert installed on Windows SQL 2008 R2?

Hi,

I have an application installed in Linux server which has EasySoft ODBC driver and this application connects to SQL Windows 2008 R2 server by ssl. What I try to understand is how it can connect by ssl without certificate installed on SQL server?

I'm not familiar with ODBC maybe there is something already configured in Linux side...

Could you help me to understand that?
SOLUTION
Avatar of lcohan
lcohan
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of SAM2009

ASKER

But if self signed cert is installed I should see it by going in MMC\Certificate\Personal of the SQL server but it is empty.
The KB says -
<<
You can verify that SQL Server has successfully generated a self-signed SSL certificate by checking the SQL Server error log for a line containing:

 A self-generated certificate was successfully loaded for encryption.
>>

have you done that?
Avatar of SAM2009

ASKER

Yes I see that. But tell me in Easysoft ODBC site it says:

"Self-signed SSL certificates SQL Server 2005 can make SSL encryption available even if an SSL certificate has not been installed on the SQL Server machine. It does this by generating a self-signed SSL certificate. The Easysoft ODBC-SQL Server Driver supports SSL encryption through either a self-signed certificate or a certificate issued by a certificate authority (CA)."

When they say:"]even if an SSL certificate has not been installed on the SQL Server machine" what does it mean?


Thanks
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of SAM2009

ASKER

So all cert generation is done by EasySoft ODBC driver?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of SAM2009

ASKER

Ah ok I see...because I'm only used to see cert installed in Windows server but did not know  that sql can generate his own temp cert.
Yes in this case SQL generates its own when connection established via the EasySoft ODBC driver.
Avatar of SAM2009

ASKER

Is that a normal behavior from sql or a special config need to be set?
Not sure I understand your last question.
If you configure your SQL server to require an encrypted channel for all client connection, the sql server to operated requires a certificate. In the absence of an installed CA issued SQL server certificate, the SQL service will generate a self signed certificate without which the server can not operate/function.

You could change the SQL config not to require a secure connection; however, it is not a guarantee since I think the client can request a secure connection based on its settings at which point the SQL server will repeat generating its own self signed cert....
Avatar of SAM2009

ASKER

When you said:"You could change the SQL config not to require a secure connection; however, it is not a guarantee since I think the client can request a secure connection based on its settings at which point the SQL server will repeat generating its own self signed cert...."

I think you are right because I did not see encryption set to yes in SQL server setting.

So in my case the EasySoft uses OPENSSL to connect on my SQL server and it force the SQL to generate his own certificate (because client request).
Yes. the SQL server's functionality is to have the client and server negotiate a connection. The sql server can be set to require a secure communication channel.
The client can also be set to require a secure communication channel. the connection can only be established when both sides negotiate.
SQL server can not be restricted to only non-secure communication...
Avatar of SAM2009

ASKER

Hey guys thank you very much for your help and explanation!