Securing the connection from AppScan Enterprise to SQL Server

This procedure describes how to install a certificate on a computer that is running Microsoft™ SQL Server by using Microsoft Management Console (MMC) and describes how to enable SSL Encryption at the server.

Before you begin

  1. If you are creating an SSL certificate on the computer that hosts SQL Server, make sure that IIS is installed on that computer or this procedure won't work.
  2. If you are using a purchased SSL certificate, or one that was generated from an internal certificate authority, start at Step 2 of this procedure.

About this task

When you secure the connection on the SQL Server computer, SQL Server encrypts its connections by using SSL. When the AppScan Enterprise Server tries to connect, SQL Server signals during the initial handshake that it is going to use an SSL connection, and the two communicate that way. The AppScan Enterprise Server knows how to talk to SQL Server over SSL. SQL Server uses the certificate to encrypt the connection and exchanges that information with the AppScan Enterprise Server.

Procedure

  1. On the computer that hosts SQL Server, create an SSL certificate:
    1. Go to Control Panel > Administrative Tools > IIS Manager > Server Certificates > Create Self-Signed Certificate.
    2. Give the certificate a name, click OK and Export the certificate.
    3. Close IIS Manager.
  2. On the computer that hosts SQL Server, start the MMC console (Start > Run > mmc).
    1. Go to File > Add/Remove Snap-in > Certificates > Add > Computer account.
    2. Select the computer that you want the snap-in to manage and click Finish > OK.
    3. Expand Certificates and right-click the Personal folder and go to All Tasks > Import.
    4. Follow the wizard instructions and import the certificate.
    5. Close the MMC Console and restart the SQL service.
      Important: Make sure that the service account has access to certificates. It might need to run as a local account.
  3. Open SQL Server Configuration Manager:
    1. Expand SQL Server Network Configuration, right-click Protocols for <sql server name>, and then select Properties.
    2. On the Flags tab, select Yes in the Force encryption box, and then click OK.
    3. Select the certificate from the Certificate tab and click OK to close the window.
    4. Restart the SQL Server service.
  4. If you are running SQL Server with a non-privileged service account, you must enable the private key to be readable by the SQL Server service account. Follow the steps in this article: Permissions required for SQL Server Service account to use SSL certificate.
    Note: Read these sections: "Few more tips while enabling the encrypted connection" and "Permissions to the Private Key portion of the Imported Certificate - FIX" in this article: Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager).
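
To confirm the result of the procedure above, the following PowerShell check is an added example, not part of the product documentation. It lists the certificates in the computer account's Personal store with the properties SQL Server needs, then connects without requesting encryption and reads the session's encryption state, which shows whether Force encryption is in effect. The instance name is a placeholder, and the script assumes Windows PowerShell 5.1 run on the SQL Server host with a Windows login that has VIEW SERVER STATE permission.

```powershell
# Added verification example; not part of the product documentation.
# Assumptions: Windows PowerShell 5.1, run as administrator on the SQL Server host;
# $SqlInstance is a placeholder; the Windows login can connect and has
# VIEW SERVER STATE permission (needed to read sys.dm_exec_connections).
Add-Type -AssemblyName System.Data
$SqlInstance   = 'localhost'            # placeholder: server or server\instance
$serverAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU
$now           = Get-Date

# 1. Inspect certificates in the computer account's Personal store (step 2).
#    A usable certificate has a private key, is inside its validity period,
#    carries the Server Authentication EKU, and names this host in its subject.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $ekuOids = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    [pscustomobject]@{
        Thumbprint     = $_.Thumbprint
        Subject        = $_.Subject
        HasPrivateKey  = $_.HasPrivateKey
        InValidity     = ($_.NotBefore -le $now) -and ($_.NotAfter -ge $now)
        ServerAuthEku  = $ekuOids -contains $serverAuthOid
        SubjectHasHost = $_.Subject -like "*CN=$env:COMPUTERNAME*"
    }
} | Format-Table -AutoSize

# 2. Connect WITHOUT asking for encryption (Encrypt=False). If Force encryption
#    is set to Yes (step 3), the server encrypts the session anyway.
$connStr = "Server=$SqlInstance;Integrated Security=SSPI;Encrypt=False"
$conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $connStr
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = 'SELECT encrypt_option FROM sys.dm_exec_connections ' +
                       'WHERE session_id = @@SPID'
    $encrypted = [string]$cmd.ExecuteScalar()
    if ($encrypted -eq 'TRUE') {
        'OK: the server encrypted a session whose client did not request it.'
    } else {
        Write-Warning 'Session is NOT encrypted; recheck Force encryption and restart the service.'
    }
} finally {
    $conn.Dispose()
}
```

A result of TRUE shows only that the session is encrypted. It does not show that the client validated the server certificate, which matters most when the certificate is self-signed.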