Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Encryption with Microsoft SQL Server 2000 Kevin McDonnell Technical Lead SQL Server Support Microsoft Corporation.

Published byBlake Barrett Modified over 9 years ago

Similar presentations

Presentation on theme: "Using Encryption with Microsoft SQL Server 2000 Kevin McDonnell Technical Lead SQL Server Support Microsoft Corporation."— Presentation transcript:

1 Using Encryption with Microsoft SQL Server 2000 Kevin McDonnell Technical Lead SQL Server Support Microsoft Corporation

2 2 Presentation Content  We will discuss how to set up Microsoft® SQL Server™ 2000 with SSL encryption  This is not a discussion on Certificate Server, PKI, or an in-depth discussion of SSL

3 3 Data Encryption SQL Server 7.0 vs. SQL Server 2000  In SQL Server 7.0, we used the Multiprotocol library and enabled the encryption option Not strong encryption Not strong encryption Requires additional protocol MSRPC Requires additional protocol MSRPC Requires additional ports opened on the firewall Requires additional ports opened on the firewall Not supported for named instances Not supported for named instances  SQL Server 2000 Strong encryption Strong encryption Uses only the TCP protocol Uses only the TCP protocol

4 4 SQL Server 2000 Encryption  There is no wizard to install a certificate  There is no SQL GUI to manage certificates  There is no way to identify which connections are encrypted and which connections are not  There is no SQL GUI to verify a certificate is valid  The certificate is read on the server during SQL Server startup

5 5 SQL Server 2000 Overview Net-Library Architecture TCPIPX/SPXNet-Library Router Encryption Layer SSNetLib - Server Socket Net-Library SQL Server

6 6 SQL Server 2000 Client Overview  Requires MDAC 2.6 or later to be installed  Does not require SQL Server 2000 Tools  Programmers can request SSL encryption in their connection string ODBC : Encrypt = Yes ODBC : Encrypt = Yes Oledb : Use Encryption for Data = True Oledb : Use Encryption for Data = True

7 7 SQL Server 2000 Client Overview Net-Library Architecture Client Application Oledb Provider or ODBC Driver Client Net-Library DBNetlib.dll TCPIPX/SPXNet-Library Router Encryption Layer

8 8 Certificate Request From a Microsoft Certificate Authority Server Stand-Alone CA Enterprise CA SQL Server 2000 Web request: Use advanced request using a form. MMC request. Virtual SQL Server 2000 Cluster Web request: Use advanced request using a form. Must specify virtual server name. Web request: Use advanced request using a form. Change certificate template to Web Server.

9 9 Encryption Planning for SQL Server 2000 Enabling SSL Encryption from the Server  Use the SQL Server Network Utility  Forces all incoming connections to be encrypted  Install server certificate only  All or nothing — the server will not start if the certificate is not found or is invalid

10 10 Encryption Planning for SQL Server 2000 (2) Enabling Encryption from the Client Using the Client Network Utility  Use the SQL Server Client Network Utility  Forces all client connections to be encrypted  Can no longer connect to SQL Server 7.0  Install server certificate — client requires updated Trusted Root Authority

11 11 Certificate Request From a Stand-Alone CA

12 12 Certificate Request Change the Intended Purpose

13 13 Certificate Request Certificate Store Location

14 14 Certificate Request Submit Certificate Request to CA

15 15 Certificate Request Pending CA Approval

16 16 Certificate Request Check on a Pending Certificate

17 17 Certificate Request Select the Certificate Request You Want To Check

18 18 Certificate Request Install the Certificate

19 19 View Certificate in MMC

20 20 Certificate General Information

21 21 SQL Server 2000 Server Network Utility  Select the “Force protocol encryption” check box to enable SSL encryption

22 22 SQL 2000 Server Registry  The registry that shows server-enabled encryption is: HKLM\Software\Microsoft\MSSQLServer\MSS QLServer\SuperSocketNetLib

23 23 Certificate Request From an Enterprise CA

24 24 Certificate Request Using MMC

25 25 Certificate Request (2) Using MMC

26 26 Certificate Request (3) Using MMC

27 27 Certificate Request (4) Using MMC

28 28 Certificate Request (5) Using MMC

29 29 Client Request for Encryption  The SQL Server must have the certificate installed  The client computer must update the Trusted Root Authority  Export the Trusted Root Authority from the server and import it on the client computer  Enable “Force protocol encryption” from the SQL Client Network Utility or use the appropriate connection string  Recommended for SQL Server cluster

30 30 SQL Server 2000 Client Network Utility  Enabling the “Force protocol encryption” option

31 31 SQL Client Registry  Client registry: HKLM\Software\Microsoft\MSSQLServer\Clie nt\SuperSocketNetLib

32 32 Sample ODBC Connection

33 33 Knowledge Base Articles  Q309398, “PRB: SQL Server 2000 Installation Fails with "SSL Security error :ConnectionOpen (SECDoClientHandshake())" Error Message”  Q302409, “FIX: Unable to Connect to SQL Server 2000 When Certificate Authority Name Is the Same As the Host Name of the Windows 2000 Computer”  Q318605, “INF: How SQL Server Uses a Certificate When the Force Protocol Encryption Option is Set On”  Q316898, “HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft Management Console”  Q276553, “HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate Server ”

34 34 Known Issues  Microsoft® Visual Studio®.NET installs the Microsoft SQL Server Desktop Edition of SQL Server. If there are certificates on the computer that are not used for SQL Server, setup may fail.  See Q309398, “PRB: SQL Server 2000 Installation Fails with "SSL Security error :ConnectionOpen (SECDoClientHandshake())" Error Message.”  The SQL Server 2000 release required the certificate’s intended purpose to be client authentication.  Local store versus current user.

35 35 SetCert Utility  Included with the SQL Server 2000 resource kit  Permits you to control the certificate used for SQL Server

36 36 CAPICOM  Cryptographic COM component  Permits you to write scripts to manage certificate stores Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. Subject Name: CN=myserver.cherryhill.corp.widget.com SHA-1 Thumbprint: 791B74BFD698B477F7768566365D44FE78BCEF9D Valid To: 3/12/2003 2:34:49 PM Extended Key Usage: Server Authentication(1.3.6.1.5.5.7.3.1)

37 37 Summary  SQL Server 2000 encryption can be implemented from the server or client  The certificate must be installed on the server and the intended purpose must be server authentication  The SQL Server service account must be the same account that requested the certificate  If the client requests an encrypted connection, the Trusted Root Authority must be updated on the client computer  Certificates on a SQL Server cluster must be issued to the virtual SQL Server name

38 38 Thank you for joining us for today’s Microsoft Support WebCast. For information about all upcoming Support WebCasts and access to the archived content (streaming media files, PowerPoint® slides, and transcripts), please visit: http://support.microsoft.com/webcasts/ We sincerely appreciate your feedback. Please send any comments or suggestions regarding the Support WebCasts to feedback@microsoft.com and include feedback@microsoft.com “Support WebCasts” in the subject line.

Download ppt "Using Encryption with Microsoft SQL Server 2000 Kevin McDonnell Technical Lead SQL Server Support Microsoft Corporation."

Similar presentations

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Chapter 9 Deploying IIS and Active Directory Certificate Services

Chapter 9 Deploying IIS and Active Directory Certificate Services
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Network Access Protection Platform Architecture Joseph Davies Technical writer Windows Networking and Device Technologies Microsoft Corporation.

Network Access Protection Platform Architecture Joseph Davies Technical writer Windows Networking and Device Technologies Microsoft Corporation.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Intel Confidential 1 Configure PKI Web Server Certificates for each Management Controller.

Intel Confidential 1 Configure PKI Web Server Certificates for each Management Controller.
Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.

Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.
Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.

Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Similar presentations

Ads by Google