Encrypted connections to the database

  • Hello,

    As part of the requirements for holding identifiable patient data on our network, we have been told that 'data in transit' has to be encrypted (one of many such requirements). I have been reading the following article, which sets out how this is done for a SQL Server instance: Enable Encrypted Connections to the Database Engine

    In our situation, the SQL Server instance is installed on one virtual machine, IIS Server on another, and then we have the client PCs. I understand that the certificate I generate from the virtual machine which hosts SQL Server has to be installed on the client machines. Does it also need to be installed on the IIS Server?

    Is/Are there any change(s) that need to be made to the .Net application using the SQL Server instance, for example changes to the config.sys file?

    Anything else I should know before doing this (in a production environment in the first instance)?

    Thanks for any advice.

  • I meant 'Web.config' file, of course.
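As an added illustration for the Web.config question above (this is not code from the thread; the server name sql01.corp.example and the database AppDb are placeholders), the connection string is where the application opts into TLS: Encrypt=True requires an encrypted session and TrustServerCertificate=False makes the client validate the certificate chain and host name rather than accept any certificate. Because the web application is what opens the SQL connection, it is the IIS server, not the end users' PCs, that must trust the certificate, and the Server= value must match the name on that certificate. The script below, meant to be run on the IIS server with Windows PowerShell, opens such a connection and asks SQL Server what it actually negotiated, then lists any sessions on the instance that are still unencrypted.

```powershell
# Added example, not part of the original thread.
# Assumes (placeholders) a SQL Server reachable as sql01.corp.example whose
# certificate carries that FQDN, and a database named AppDb.
#
# The same key/value pairs belong in the Web.config connection string:
#   <connectionStrings>
#     <add name="AppDb"
#          connectionString="Server=sql01.corp.example;Database=AppDb;Integrated Security=True;Encrypt=True;TrustServerCertificate=False"
#          providerName="System.Data.SqlClient" />
#   </connectionStrings>

function Test-SqlConnectionEncryption {
    param(
        [Parameter(Mandatory)] [string] $ServerName,
        [string] $Database = 'master'
    )

    # Build the connection string with the builder so no key is misspelled.
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $builder.DataSource             = $ServerName
    $builder.InitialCatalog         = $Database
    $builder.IntegratedSecurity     = $true
    $builder.Encrypt                = $true    # require TLS for the session
    $builder.TrustServerCertificate = $false   # validate chain and host name

    $conn = New-Object System.Data.SqlClient.SqlConnection $builder.ConnectionString
    try {
        # Open() throws if the certificate is untrusted or its name does not
        # match $ServerName, which is exactly the failure you want to surface.
        $conn.Open()
        $cmd = $conn.CreateCommand()
        # Ask the server what it negotiated for this very session.
        $cmd.CommandText = @"
SELECT c.encrypt_option, c.net_transport, c.client_net_address
FROM sys.dm_exec_connections AS c
WHERE c.session_id = @@SPID;
"@
        $reader = $cmd.ExecuteReader()
        if ($reader.Read()) {
            [pscustomobject]@{
                Server        = $ServerName
                EncryptOption = $reader['encrypt_option']   # expect 'TRUE'
                NetTransport  = $reader['net_transport']
                ClientAddress = $reader['client_net_address']
            }
        }
        $reader.Close()
    }
    finally {
        $conn.Dispose()
    }
}

function Get-UnencryptedSqlSessions {
    # Lists every current connection to the instance that is not using TLS,
    # so you can see which clients still need the certificate or the
    # Encrypt=True setting before making encryption mandatory on the server.
    param([Parameter(Mandatory)] [string] $ServerName)

    $connStr = "Server=$ServerName;Database=master;Integrated Security=True;Encrypt=True;TrustServerCertificate=False"
    $conn = New-Object System.Data.SqlClient.SqlConnection $connStr
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = @"
SELECT c.session_id, c.client_net_address, s.program_name, s.login_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE c.encrypt_option = 'FALSE';
"@
        $reader = $cmd.ExecuteReader()
        while ($reader.Read()) {
            [pscustomobject]@{
                SessionId     = $reader['session_id']
                ClientAddress = $reader['client_net_address']
                Program       = $reader['program_name']
                Login         = $reader['login_name']
            }
        }
        $reader.Close()
    }
    finally {
        $conn.Dispose()
    }
}

# Usage: the first call should report EncryptOption = TRUE; the second should
# eventually return nothing once every client has been moved to TLS.
Test-SqlConnectionEncryption -ServerName 'sql01.corp.example' -Database 'AppDb'
Get-UnencryptedSqlSessions  -ServerName 'sql01.corp.example'
```

Run the first function from the IIS server under the account the application pool uses; if Open() fails with a certificate-chain error, the certificate is not trusted on that machine, and if it fails with a name mismatch, the Server= value does not match the certificate's subject or SAN.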

  • You'll have a far easier time setting up encrypted connections if you instead get a non-self-signed certificate. If your SQL / IIS / clients are all part of an Active Directory Domain, have your Domain Admins set up a certificate server (if there isn't one already), and generate a certificate from there. The IIS servers will trust it, the clients will trust it, and it'll be a lot less headache.

  • jasona.work - Tuesday, June 19, 2018 7:17 AM

    You'll have a far easier time setting up encrypted connections if you instead get a non-self-signed certificate. If your SQL / IIS / clients are all part of an Active Directory Domain, have your Domain Admins set up a certificate server (if there isn't one already), and generate a certificate from there. The IIS servers will trust it, the clients will trust it, and it'll be a lot less headache.

    Thanks for the advice. We do run AD, so will speak to admins to see what can be done.
