Web server to SQL server SSL

David C 191 Reputation points
2020-09-11T19:57:03.987+00:00

Basic SSL security question: If I have a public-facing web server requesting data from a SQL Server which is in a DMZ, does the SQL Server require an SSL cert or is the cert set up on the web server side of the connection, and does traffic pass through port 445? Thanks.

SQL Server | Other

3 answers

  1. David Browne - msft 3,851 Reputation points
    2020-09-11T21:06:04.22+00:00

    No. For TLS encryption between the web server and the SQL Server, SQL Server will have a certificate that is used. Similar to how a web server works. But the protocol is TDS not HTTPS, and the traffic goes over whatever port SQL Server is listening on, 1433 by default.


  2. David C 191 Reputation points
    2020-09-11T21:55:15.833+00:00

    Thanks. Just a follow-up question. So the web server to SQL Server is encrypted via TLS (1.2). I thought it uses a self-signed certificate on the SQL Server, and best practice is to instead use an enterprise-level SSL cert with higher encryption strength. Is that not correct? If it is correct to install an enterprise cert on the SQL Server, how does that relate to there being a cert on the web server as well? I think I get it but just to confirm... a web server SSL cert encrypts web client to web server traffic, and TLS (and/or SSL cert) on the SQL Server encrypts web server to SQL Server connection. Am I sort of close?


  3. AmeliaGu-MSFT 14,006 Reputation points Microsoft External Staff
    2020-09-14T07:36:39.953+00:00

    Hi @David C ,

    In addition, please refer to this article which might help.
    Best Regards,
    Amelia


    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

