Published by Blake Barrett. Modified over 9 years ago.
1
Using Encryption with Microsoft SQL Server 2000
Kevin McDonnell
Technical Lead, SQL Server Support
Microsoft Corporation
2
2 Presentation Content
- We will discuss how to set up Microsoft® SQL Server™ 2000 with SSL encryption
- This is not a discussion on Certificate Server, PKI, or an in-depth discussion of SSL
3
3 Data Encryption: SQL Server 7.0 vs. SQL Server 2000
- In SQL Server 7.0, we used the Multiprotocol library and enabled the encryption option
  - Not strong encryption
  - Requires additional protocol MSRPC
  - Requires additional ports opened on the firewall
  - Not supported for named instances
- SQL Server 2000
  - Strong encryption
  - Uses only the TCP protocol
4
4 SQL Server 2000 Encryption
- There is no wizard to install a certificate
- There is no SQL GUI to manage certificates
- There is no way to identify which connections are encrypted and which connections are not
- There is no SQL GUI to verify a certificate is valid
- The certificate is read on the server during SQL Server startup
5
5 SQL Server 2000 Overview: Net-Library Architecture
[Diagram labels: TCP; IPX/SPX; Net-Library Router; Encryption Layer; SSNetLib - Server Socket Net-Library; SQL Server]
6
6 SQL Server 2000 Client Overview
- Requires MDAC 2.6 or later to be installed
- Does not require SQL Server 2000 Tools
- Programmers can request SSL encryption in their connection string
  - ODBC: Encrypt = Yes
  - OLE DB: Use Encryption for Data = True
7
7 SQL Server 2000 Client Overview: Net-Library Architecture
[Diagram labels: Client Application; OLE DB Provider or ODBC Driver; Client Net-Library (DBNetlib.dll); TCP; IPX/SPX; Net-Library Router; Encryption Layer]
8
8 Certificate Request From a Microsoft Certificate Authority Server
SQL Server 2000
- Stand-Alone CA: Web request: Use advanced request using a form.
- Enterprise CA: MMC request.
Virtual SQL Server 2000 Cluster
- Stand-Alone CA: Web request: Use advanced request using a form. Must specify virtual server name.
- Enterprise CA: Web request: Use advanced request using a form. Change certificate template to Web Server.
9
9 Encryption Planning for SQL Server 2000: Enabling SSL Encryption from the Server
- Use the SQL Server Network Utility
- Forces all incoming connections to be encrypted
- Install server certificate only
- All or nothing: the server will not start if the certificate is not found or is invalid
10
10 Encryption Planning for SQL Server 2000 (2): Enabling Encryption from the Client Using the Client Network Utility
- Use the SQL Server Client Network Utility
- Forces all client connections to be encrypted
- Can no longer connect to SQL Server 7.0
- Install server certificate: client requires updated Trusted Root Authority
11
11 Certificate Request From a Stand-Alone CA
12
12 Certificate Request Change the Intended Purpose
13
13 Certificate Request Certificate Store Location
14
14 Certificate Request Submit Certificate Request to CA
15
15 Certificate Request Pending CA Approval
16
16 Certificate Request Check on a Pending Certificate
17
17 Certificate Request Select the Certificate Request You Want To Check
18
18 Certificate Request Install the Certificate
19
19 View Certificate in MMC
20
20 Certificate General Information
21
21 SQL Server 2000 Server Network Utility
- Select the “Force protocol encryption” check box to enable SSL encryption
22
22 SQL 2000 Server Registry
- The registry key that shows server-enabled encryption is:
  HKLM\Software\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib
23
23 Certificate Request From an Enterprise CA
24
24 Certificate Request Using MMC
25
25 Certificate Request (2) Using MMC
26
26 Certificate Request (3) Using MMC
27
27 Certificate Request (4) Using MMC
28
28 Certificate Request (5) Using MMC
29
29 Client Request for Encryption
- The SQL Server must have the certificate installed
- The client computer must update the Trusted Root Authority
- Export the Trusted Root Authority from the server and import it on the client computer
- Enable “Force protocol encryption” from the SQL Client Network Utility or use the appropriate connection string
- Recommended for SQL Server cluster
30
30 SQL Server 2000 Client Network Utility
- Enabling the “Force protocol encryption” option
31
31 SQL Client Registry
- Client registry:
  HKLM\Software\Microsoft\MSSQLServer\Client\SuperSocketNetLib
32
32 Sample ODBC Connection
33
33 Knowledge Base Articles
- Q309398, “PRB: SQL Server 2000 Installation Fails with "SSL Security error :ConnectionOpen (SECDoClientHandshake())" Error Message”
- Q302409, “FIX: Unable to Connect to SQL Server 2000 When Certificate Authority Name Is the Same As the Host Name of the Windows 2000 Computer”
- Q318605, “INF: How SQL Server Uses a Certificate When the Force Protocol Encryption Option is Set On”
- Q316898, “HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft Management Console”
- Q276553, “HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate Server”
34
34 Known Issues
- Microsoft® Visual Studio® .NET installs the Microsoft SQL Server Desktop Edition of SQL Server. If there are certificates on the computer that are not used for SQL Server, setup may fail. See Q309398, “PRB: SQL Server 2000 Installation Fails with "SSL Security error :ConnectionOpen (SECDoClientHandshake())" Error Message.”
- The SQL Server 2000 release required the certificate’s intended purpose to be client authentication.
- Local store versus current user.
35
35 SetCert Utility
- Included with the SQL Server 2000 resource kit
- Permits you to control the certificate used for SQL Server
36
36 CAPICOM
- Cryptographic COM component
- Permits you to write scripts to manage certificate stores

    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

    Subject Name: CN=myserver.cherryhill.corp.widget.com
    SHA-1 Thumbprint: 791B74BFD698B477F7768566365D44FE78BCEF9D
    Valid To: 3/12/2003 2:34:49 PM
    Extended Key Usage: Server Authentication(1.3.6.1.5.5.7.3.1)
37
37 Summary
- SQL Server 2000 encryption can be implemented from the server or client
- The certificate must be installed on the server and the intended purpose must be server authentication
- The SQL Server service account must be the same account that requested the certificate
- If the client requests an encrypted connection, the Trusted Root Authority must be updated on the client computer
- Certificates on a SQL Server cluster must be issued to the virtual SQL Server name
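
The certificate requirements in the summary, which are also the fields the CAPICOM output on slide 36 prints, can be checked with a short script before the service is restarted. This is an added example, not code from the webcast: the function name, the `$ExpectedName` parameter and the default local-computer store path are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example (not from the webcast): audit a certificate store against the
# requirements the slides list for a SQL Server 2000 SSL certificate.
# Assumptions: PowerShell 3.0+; $ExpectedName is the server FQDN, or the
# virtual server name on a cluster; the store to inspect is a parameter.
function Test-SqlSslCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$ExpectedName,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $now = Get-Date

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs the certificate carries (empty if no EKU extension).
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # Simple name of the subject: the CN when the subject has one.
        $cn = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        $problems = @()
        if ($ekuOids -notcontains $serverAuthOid) { $problems += 'no Server Authentication EKU' }
        if ($cn -ne $ExpectedName) { $problems += "subject '$cn' does not match '$ExpectedName'" }
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside validity period' }
        if (-not $cert.HasPrivateKey) { $problems += 'no private key in store' }

        # One result row per certificate; Usable is true only with no findings.
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            ValidTo    = $cert.NotAfter
            Usable     = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        }
    }
}

# Example call using the server name shown in the slide 36 output.
Test-SqlSslCertificate -ExpectedName 'myserver.cherryhill.corp.widget.com' |
    Format-Table -AutoSize
```

Because the server will not start when the certificate is missing or invalid, running a check like this before enabling “Force protocol encryption” catches an expired or wrongly issued certificate while the service is still up.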
38
38 Thank you for joining us for today’s Microsoft Support WebCast. For information about all upcoming Support WebCasts and access to the archived content (streaming media files, PowerPoint® slides, and transcripts), please visit: http://support.microsoft.com/webcasts/ We sincerely appreciate your feedback. Please send any comments or suggestions regarding the Support WebCasts to feedback@microsoft.com and include “Support WebCasts” in the subject line.