SQL Server 2017 SSL连接行为。 [英] SQL Server 2017 SSL Connection Behaviour.
问题描述
我在Linux CENTOS 7.6.1810上运行SQL Server 2017版本:14.0.3048.4。
我按照以下方式安装了证书: https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-encrypted-connections?view = sql-server-2017
使用Microsoft SQL Server Management Studio V 17.9.1组件版本14.0.17289.0
如果我在选项下选择加密,我会得到您必须使用有效主体名称的预期行为。这意味着您只能使用FQDN。它还在客户端本身上显示它是加密的,当我运行SELECT * FROM sys.dm_exec_connections时在服务器上;
$
如果我通过服务器强制,我可以输入在IP地址或FQDN中。它仅在服务器上指定加密但不在ssms客户端上。这是正常的行为以及我如何判断它是否使用正确的证书进行了真正的加密。
嗨Daniel O'Donnell,
当数据库引擎的强制加密选项设置为YES时,无论是否检查"加密连接"选项(例如来自SSMS)
,客户端和服务器之间的所有通信都是加密的。换句话说,您只需要确保在服务器上配置加密,客户端不需要任何配置,并且连接字符串中不需要加密选项。
正如您在官方文档中看到的那样,Server Initiated Encryption中的示例连接字符串也如上所述。
- 检查服务器和客户端之间的连接是否加密
USE master
GO
SELECT encrypt_option FROM sys.dm_exec_connections
GO
希望它可以帮到你。
最好的问候,
拉结
I am running SQL Server 2017 Version: 14.0.3048.4 on Linux CENTOS 7.6.1810.
I installed the certificate as per: https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-encrypted-connections?view=sql-server-2017
When using Microsoft SQL Server Management Studio V 17.9.1 Component Version 14.0.17289.0
If I select encrypt under options I get the expected behavior that you must use a valid Principal Name. Meaning you can only use FQDN. It also shows on the client itself that it is encrypted and on the server when I run SELECT * FROM sys.dm_exec_connections;
If I Force via server, I can type in the IP Address or FQDN. It only specifies on the server that is is encrypted but not on the ssms client. Is that normal behavior and how I can tell if it is truely encrypted using the right cert.
Hi Daniel O'Donnell,
When the Force Encryption option for the Database Engine is set to YES, all communications between client and server is encrypted no matter whether the "Encrypt connection" option (such as from SSMS) is checked or not. In other words, you only need to make sure that encryption is configured on the server, the client does not need any configuration, and the encryption option is not needed in the connection string.
As you can see in the official document which you provided , Example connection strings in Server Initiated Encryption also do as mentioned above .
-- To check whether connections are encrypted between server and clients USE master GO SELECT encrypt_option FROM sys.dm_exec_connections GO
Hope it can help you .
Best Regards,
Rachel
这篇关于SQL Server 2017 SSL连接行为。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
