locked
Is it nessesary to buy a certificate? RRS feed

  • Question

  • Hi

    I have a webservice that receive data from a sql server. And that data is used in a website  

    I need to buy a SSL certificate for the website so that the customer can rely on the security. But, is it nessesary to buy a certificate for the sql server or can I use a self signed certificate? It is only the webservice that uses the sql server and the customer does not have access to the sql server or the webservice.

    Regards

    Jakob

    Tuesday, July 14, 2015 4:43 AM

All replies

  • Hello Jakob,

    If you don't expose SQL Server directly to Internet, only to your internal web service then it's not reallly necessary to encrypt communication with SSL certificate.


    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    Tuesday, July 14, 2015 7:05 AM
  • Thanks for the reply. The sql server is exposed to the internet from the hosting company so i need to encrypt the connection. If i have Examples.com, can i then just create db.examples.com and buy a certificate for that?
    Tuesday, July 14, 2015 3:48 PM
  • The sql server is exposed to the internet from the hosting company
    Are the web side and SQL Server running on the same machine? Is remote access via Internet to SQL Server required? If not you can turn off remote access for SQL Server as well as TCP protocoll, the web side can establish a local "shared Memory" connection to SQL Server.

    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    Wednesday, July 15, 2015 5:51 AM
  • The webserver and the sql server are on the same machine. Cant turn off remote access. Access is only through ssms. Is it then still "safe" when it exposed on the internet. Thinking of making a subdomain that points to the sql server and buy a certificate for that domain
    Wednesday, July 15, 2015 9:34 AM