I am using Microsoft OLEDB Provider for SQL Server to create connection.I followed below steps to make my connection SSL secured
step 1. I installed self signed certificate on server and attach it with SQL server(MSSQLSERVER->properties->certificate) and turn on Force encryption to "Yes".
Step 2. I exported the certificate and installed on client machine.(vie MMC->add/remove snap in)
step 3. Added "Use encryption for data=True" in connection string.
step 4. In SQL Server client network utility(on client machine), turn Force protocol encryption to "yes"
step 5. My conncetion string sample : CString SSlcon_string = "provider=SQLOLEDB;Use Encryption For Data=True;TrustServerCertificate=No;server=MyServer;Database=MyDatabase";
Now my observation :
It is able to create SSL connection if server has certificate otherwise it is not creating SSL connection(not failing, creating unsecure connection)
regardless of any settings. i.e it doesn't bother about whether the client has certificate or not, client has marked the force protocol encryption to yes or no.It is not even validating even a single condition on client side.
https://msdn.microsoft.com/en-us/library/ff649255.aspx I followed exactly this procedure but couldn't get desired result.
Requirment : The SSL connection should be created only if the client and server has same certificate(certificate should be validated by client and server ), otherwise the connection itself should fail.
step 1. I installed self signed certificate on server and attach it with SQL server(MSSQLSERVER->properties->certificate) and turn on Force encryption to "Yes".
Step 2. I exported the certificate and installed on client machine.(vie MMC->add/remove snap in)
step 3. Added "Use encryption for data=True" in connection string.
step 4. In SQL Server client network utility(on client machine), turn Force protocol encryption to "yes"
step 5. My conncetion string sample : CString SSlcon_string = "provider=SQLOLEDB;Use Encryption For Data=True;TrustServerCertificate=No;server=MyServer;Database=MyDatabase";
Now my observation :
It is able to create SSL connection if server has certificate otherwise it is not creating SSL connection(not failing, creating unsecure connection)
regardless of any settings. i.e it doesn't bother about whether the client has certificate or not, client has marked the force protocol encryption to yes or no.It is not even validating even a single condition on client side.
https://msdn.microsoft.com/en-us/library/ff649255.aspx I followed exactly this procedure but couldn't get desired result.
Requirment : The SSL connection should be created only if the client and server has same certificate(certificate should be validated by client and server ), otherwise the connection itself should fail.