Securing database connections with TLS

You can skip this section and go to Configure SQL Network Settings in SQL Server Configuration Manager if you already have the Web Server SH2 certificate.

Important! This is only recommended for production environments, especially in the case of a multi-node installation where SQL Server must be exposed on the network.

Creating a server certificate

Use the following procedure to prepare the SQL Server host for secure connections:

  1. Log on to the server.

  2. From the Start menu, open the Run app.

  3. Type mmc and click OK to open the Microsoft Management Console.

  4. Navigate to File > Add/Remove Snap-in > Certificates > Add > Computer Account > Next > Local Computer > Finish. Click OK.

  5. Expand Certificates (Local Computer) > Personal > Certificates.

  6. Right-click in the window and select All Tasks > Request New Certificate.

  7. The Certificate Enrollment dialog opens. Click Next.

  8. Select Web Server SH2 and click the More information is required to enroll for this certificate link to configure settings.

    Figure: The Certificate Enrollment dialog

    The Certificate Properties dialog appears.

  9. On the Subject tab, enter the following:

    1. Under Subject name, select Common name in the Type dropdown menu, enter the FQDN of the SQL host (for example, azr-iee-web-sd2.itron.com), and then click Add.

    2. Under Alternative name, select DNS in the Type dropdown menu and enter the following values:

      1. FQDN, click Add.

      2. HOSTNAME (for example, azr-iee-web-sd2), click Add.

      3. localhost, click Add.

  10. On the General tab, enter a friendly name.

  11. On the Private Key tab, expand Key permissions, select Use custom permission, and then click on Set permissions.

    1. Select CREATOR OWNER > ADD > Locations > FQDN > OK.

  12. In the "Enter the object names to select" text area, enter network, click Check Names, select Network Service, and then click OK.

    Figure: The Certificate Properties dialog

  13. On the Security tab, select Read in the Permissions for NETWORK SERVICE section and click OK.

    Figure: The Read option on the Security tab

  14. Click OK.

  15. Click Enroll, and then click Finish once completed.

Tip: To see the newly created certificate, go to Certificate Store > Personal Certificates on your machine.
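
After enrollment, the settings from steps 9 to 13 can be checked from PowerShell instead of by eye. The script below is an added example, not part of the product documentation. It checks the certificate in the local machine Personal store for the three DNS alternative names, the Server Authentication EKU, and Read access on the private key file for NETWORK SERVICE (well-known SID S-1-5-20). Assumptions: the function name Test-SqlTlsCertificate and the host names in the final call are placeholders, the key is RSA, and the OS language is English (the SAN label is localized).

```powershell
# Added example (not product code). Run elevated; host names in the call are placeholders.
function Test-SqlTlsCertificate {
    param([string]$Fqdn, [string]$HostName)   # values entered on the Subject tab (step 9)
    $expected = @($Fqdn, $HostName, 'localhost')
    $read   = [System.Security.AccessControl.FileSystemRights]::Read
    $simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $sidT   = [System.Security.Principal.SecurityIdentifier]

    Get-ChildItem Cert:\LocalMachine\My |
      Where-Object { $_.GetNameInfo($simple, $false) -eq $Fqdn } |
      ForEach-Object {
        $cert = $_
        # DNS entries from the Subject Alternative Name extension (OID 2.5.29.17).
        # Format() output is localized; the 'DNS Name=' label assumes an English OS.
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $san = @()
        if ($sanExt) {
            $san = @([regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') | ForEach-Object { $_.Groups[1].Value })
        }
        # A TLS server certificate needs the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
        $eku = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        # Locate the private key file (CNG or legacy CSP) and inspect its ACL by SID.
        $canRead = $false
        if ($cert.HasPrivateKey) {
            $key  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            $name = if ($key -is [System.Security.Cryptography.RSACng]) { $key.Key.UniqueName } else { $key.CspKeyContainerInfo.UniqueKeyContainerName }
            $file = if ($name) { Get-ChildItem "$env:ProgramData\Microsoft\Crypto" -Recurse -Filter $name -ErrorAction SilentlyContinue | Select-Object -First 1 }
            if ($file) {
                $rules = (Get-Acl $file.FullName).GetAccessRules($true, $true, $sidT)
                $canRead = [bool]($rules | Where-Object {
                    $_.IdentityReference.Value -eq 'S-1-5-20' -and $_.AccessControlType -eq 'Allow' -and
                    ($_.FileSystemRights -band $read) -eq $read })
            }
        }
        [pscustomobject]@{
            Thumbprint            = $cert.Thumbprint
            NotAfter              = $cert.NotAfter
            MissingSan            = @($expected | Where-Object { $_ -notin $san })
            ServerAuthEku         = $eku -contains '1.3.6.1.5.5.7.3.1'
            NetworkServiceCanRead = $canRead
        }
      }
}

Test-SqlTlsCertificate -Fqdn 'sqlhost.example.com' -HostName 'sqlhost'
```

A correctly enrolled certificate returns an empty MissingSan list with ServerAuthEku and NetworkServiceCanRead both True; no output means no certificate in the store has the given FQDN as its Common name.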