none
Does configuring SQL for SSL Certificate require restart?

    Question

  • I want to use a SSL cert to encrypt data in motion between client app and SQL Server.  As I understand it, the configuration in SQL Server is:

    Import the cert to the Personal certificate store.

    In Configuration Manager, Protocols for <instance> page|Certificate tab -> find the cert in the dropdown list.

    On the Flags page, set Force Encryption to Yes.

    Use SQL query to see if new connections are encrypted.

    Is that all there is too it?  If I want to turn off encryption, just set Force Encryption to No, right?  Does it require a instance restart to make SSL take effect?

    Thanks.

    Thursday, July 12, 2018 10:25 PM

All replies

  • Hi District9,

     

    According to your description, my understanding is that you want to use a SSL cert to encrypt data in motion between client app and SQL Server. If anything is misunderstand, please tell me.

     

    The steps your described is right. However you need to add a step that restart the SQL Server service after these settings. Actually, there will occur a warning panel like the following screenshot shows that you need to restart the service to save the changes. After configuring the server to accept encrypted connections, configuring the client to request encrypted connections is also important.

     

     

     

    Just setting the Force Encryption to No may not be a simple way to turn off encryption. You should firstly make sure that client doesn't request encrypted connections. If you set the Force Encryption option to Yes, it means that all communications between client and server is encrypted no matter whether the client requests encrypted connection.

     

    Best Regards,

    Emily


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Friday, July 13, 2018 6:06 AM