Does the SSL connection work for SQL Server without Certificate?

David Qin 6 Reputation points
2022-10-19T18:08:06.263+00:00

When I connect to a SQL Server using SSMS, I checked the checkboxes "Encrypt Connection" and "Trust Server Certificate". On the SQL Server side, I didn't add any certificate to SSCM (SQL Server Configuration Manager).

But when I query sys.dm_exec_connections for my connection, the column "Encrypt_option" is TRUE.

I want to know if the connection is an SSL-encrypted connection.
If yes, what server certificate is being used?


2 answers

  1. Sreeju Nair 12,266 Reputation points
    2022-10-19T18:38:10.61+00:00

    See the following from the SQL Server client documentation:

    "SQL Server always encrypts network packets associated with logging in. If no certificate has been provisioned on the server when it starts up, SQL Server generates a self-signed certificate which is used to encrypt login packets."

    Refer: https://learn.microsoft.com/en-us/sql/relational-databases/native-client/features/using-encryption-without-validation?view=sql-server-ver16


  2. YufeiShao-msft 7,116 Reputation points
    2022-10-20T06:08:54.307+00:00

    Hi @David Qin

    To enable encryption to be used when a certificate has not been provisioned on the server, SQL Server Configuration Manager can be used to set both the Force Protocol Encryption and the Trust Server Certificate options. In this case, encryption will use a self-signed server certificate without validation if no verifiable certificate has been provisioned on the server.

    You can try to enable TrustServerCertificate (set it to true) in the client configuration.

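The two answers above describe a connection that is encrypted with a self-signed certificate the client never validates. As an added example (not code from this thread or from Microsoft), the Python below classifies what a client connection string asks for; the SSMS settings in the question correspond to the first sample. The function names, result labels and sample strings are assumptions made for illustration.

```python
# Added example: classify the TLS posture a SQL Server connection string asks for.
# Function names, labels and sample strings are constructed for illustration.
ALIASES = {  # keyword spellings normalised to one name
    "encrypt": "encrypt",
    "trustservercertificate": "trust",
    "trust server certificate": "trust",
}
ON = {"true", "yes", "mandatory"}
OFF = {"false", "no", "optional"}

def parse(conn_str):
    """Return the encryption-related keywords of a 'k=v;k=v' string.
    Simplification: quoted values containing ';' are not handled."""
    found = {}
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        name = ALIASES.get(key.strip().lower())
        if sep and name:
            found[name] = value.strip().lower()
    return found

def classify(conn_str):
    s = parse(conn_str)
    encrypt = s.get("encrypt")
    trust = s.get("trust") in {"true", "yes"}
    if encrypt is None:
        return "driver-default"          # default differs between drivers/versions
    if encrypt == "strict":
        return "encrypted-validated"     # strict mode ignores the trust setting
    if encrypt in OFF:
        return "login-only"              # data is encrypted only if the server forces it
    if encrypt in ON:
        # Trusting the certificate skips validation: traffic is encrypted,
        # but the server's identity is not verified (self-signed cert accepted).
        return "encrypted-unvalidated" if trust else "encrypted-validated"
    return "unknown"

SAMPLES = [  # constructed inputs
    "Server=db01;Database=app;Encrypt=True;TrustServerCertificate=True",
    "Server=db01;Database=app;Encrypt=yes;Trust Server Certificate=no",
    "Server=db01;Database=app;Encrypt=False",
    "Server=db01;Database=app;Integrated Security=SSPI",
]

if __name__ == "__main__":
    for cs in SAMPLES:
        print(f"{classify(cs):22} {cs}")
```

A string classified as `encrypted-validated` will fail to connect to a server that only has the self-generated certificate, which is the situation the Trust Server Certificate option works around.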

