Azure SQL Database connection: enable TLS with TrustServerCertificate=true, Encrypt=yes from the client

Ashwan 536 Reputation points
2022-10-12T04:23:33.203+00:00

Hi, we have an internet-facing application which connects to an Azure SQL database. We are trying to connect from the application (web facing) and are having an issue with the TLS setting enabled with Encrypt=yes (to ensure a secure connection). Our idea is to enable a secure connection, and when connected the final outcome should be that select encrypt_option, auth_scheme from sys.dm_exec_connections shows encrypt_option=TRUE, but sure auth_scheme = SQL or FEDERATED.

Could you please guide me on how to configure this on the client side and on the Azure SQL database side, or on creating an EKM certificate and applying it (not sure how to do this)?

thanks in advance

Azure SQL Database

4 answers

  1. Dan Guzman 9,401 Reputation points
    2022-10-12T12:05:26.48+00:00
     > final outcome should be that select encrypt_option, auth_scheme from sys.dm_exec_connections shows encrypt_option=TRUE, but sure auth_scheme = SQL or FEDERATED

    The auth_scheme value of sys.dm_exec_connections is not related to encrypted connections. As long as encrypt_option shows TRUE, the connection is securely encrypted, honoring the Encrypt=Yes in the connection string.


  2. Ashwan 536 Reputation points
    2022-10-17T02:02:54.903+00:00

    This is from MS:
    "since custom SSL certificates are not available."
    "you can either set Encrypt=True and TrustServerCertificate=True or Encrypt=False, once Encrypt=False, TLS will still be established, but it will skip checking server-side certificate"


  3. SSingh-MSFT 16,371 Reputation points Moderator
    2022-10-17T06:15:15.993+00:00

    Hi @Ashwan ,

    In order to enable a secure connection, as a best practice we recommend that in the connection string used by the application you specify an encrypted connection and do not trust the server certificate. This forces your application to verify the server certificate and thus prevents your application from being vulnerable to man-in-the-middle type attacks.


    transparent-data-encryption-tde-overview

    Note: TDE cannot be used to encrypt system databases, such as the master database, in Azure SQL Database and Azure SQL Managed Instance. The master database contains objects that are needed to perform the TDE operations on the user databases. It is recommended to not store any sensitive data in the system databases. Infrastructure encryption is now being rolled out which encrypts the system databases including master.

    Please refer to the TLS section (Encryption in transit & Encryption in motion) of this documentation.

    Hope this information will help. Please let us know in case of further queries. Thanks.

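    As an added example (not code from this thread or from Microsoft), a small Python audit that flags the two weak settings discussed above (Encrypt off, or TrustServerCertificate=True) and rewrites a string to the recommended form; it also carries the sys.dm_exec_connections query from the question as the server-side check. The keyword names are the standard ODBC/SqlClient ones; the sample connection string is constructed.

```python
"""Audit a SQL Server / Azure SQL connection string for the TLS settings
discussed in this thread. Added example, not from the thread: the keyword
names are the standard ODBC/SqlClient ones, the sample string is constructed."""
from typing import Dict, List

# Server-side check from the question: encrypt_option must read TRUE for the
# current session; auth_scheme is unrelated to encryption (see Dan's answer).
VERIFY_SQL = ("SELECT session_id, encrypt_option, auth_scheme "
              "FROM sys.dm_exec_connections WHERE session_id = @@SPID;")

ENABLED = {"true", "yes", "mandatory", "strict"}  # values that turn Encrypt on
TRUSTED = {"true", "yes"}                          # values that skip cert validation


def parse_connection_string(cs: str) -> Dict[str, str]:
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    kv: Dict[str, str] = {}
    for item in cs.split(";"):
        key, sep, value = item.partition("=")
        if sep:
            kv[key.strip().lower()] = value.strip()
    return kv


def audit_tls(cs: str) -> List[str]:
    """Return findings; an empty list means Encrypt is on and the cert is validated."""
    kv = parse_connection_string(cs)
    findings: List[str] = []
    if kv.get("encrypt", "").lower() not in ENABLED:
        findings.append("Encrypt is not explicitly enabled; TLS depends on the driver default")
    if kv.get("trustservercertificate", "false").lower() in TRUSTED:
        findings.append("TrustServerCertificate=True: the server certificate is not "
                        "validated, so any certificate presented on the path is accepted")
    return findings


def harden(cs: str) -> str:
    """Rewrite the string with Encrypt=True and TrustServerCertificate=False."""
    kept = [i for i in cs.split(";")
            if i.strip() and i.partition("=")[0].strip().lower()
            not in ("encrypt", "trustservercertificate")]
    return ";".join(kept + ["Encrypt=True", "TrustServerCertificate=False"]) + ";"


if __name__ == "__main__":
    # Constructed sample: the workaround quoted in the thread vs. the recommended form.
    weak = "Server=tcp:example.database.windows.net,1433;Database=app;Encrypt=True;TrustServerCertificate=True;"
    for cs in (weak, harden(weak)):
        print(cs, "->", audit_tls(cs) or "OK")
    print("Verify on the server with:", VERIFY_SQL)
```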

  4. AMIT KUMAR PANDA 0 Reputation points
    2023-09-13T08:07:31.6966667+00:00

    Hi, I am still facing an issue with my linked service (connection failure). How can I solve this issue?

