SQL2005 SSL with IIS server setup. RRS feed

  • Question

  • Hi there,

    I'd like some advice, we are setting up an application where the web
    server is in DMZ and the SQL server is in the internal network.

    Both servers are in workgroup what we'd like to do is ensure secure
    communication between the 2 so we want to setup SQL 2005 SSL
    communication between the web and sql.

    My query is does this setup require the servers to be member servers -
    my understanding is not as the SSL should be independent of AD but I'd
    just like to clarify.

    If the servers aren't part of domain can I use a self signed
    certificate for the SQL server and then install the certificate on the
    IIS server so it trusts the self signed SQL server cert.

    Additionally by having this setup does this only provide SSL for the
    communication channel, I presume it doesn't affect any data residing
    on the SQL db - it only acts to provide a secure communication channel
    between the DMZ IIS and SQL server?

    Will using SQL with certificate affect/encrypt any of the data on the SQL server - if I'm not wrong it should'nt?

    Lastly are there any pitfalls that might exist with this setup as I know an alternative setup would be to use IPSEc between the 2 workgroup servers.


    Many thanks

    Tuesday, March 30, 2010 6:01 PM


  • Hi Momo,

    Your thoughts are right , the SSL encryption will only encrypt when the data flows between SQL server and your application and it has nothing to do with database level encryption / decryption. 

    Thanks, Leks
    Wednesday, March 31, 2010 5:12 AM