Security 1: Configure an ssl connection between sqlserver and client

MSSQLServer's plaintext transmission of passwords is a security defect. I will not describe the specifics. If you are interested, please refer to this article: in-depth exploration of sql2000 network connection security issues, so I can only talk about how I implement sqlserver2000 ssl. Because there are a lot of materials, I only need to take one rough step. And I used the materials,

Ms SQL Server password plaintext transmission is a security defect. I will not describe the specifics. If you are interested, please refer to this article: in-depth exploration of sql2000 network connection security issues, so I can only talk about how I implement SQL server 2000 ssl. Because there are a lot of materials, I only need to take one rough step. And I used the materials,

Password plaintext transfer for ms SQL Server isSecurity. I will not describe the specifics. If you are interested, please refer to this article: Exploring the sql2000 network in DepthConnectionSecurityProblem
So I can only talk about how I implement SQL server 2000 ssl. Because there are a lot of materials, I only need to take one rough step. In addition, I listed all the materials I used and the problems I encountered. For more information, see
About enabling SQL server 2000 sslConnectionOperations
By defaultConnectionIt is in plain text and may be monitored by other malicious attackers on the network using the sniffer software. Therefore, when the height is requiredSecurityWhen using ssl, you can consider using ssl on the client and server.ConnectionTo improveSecurity.
ConfigurationSql2000 uses ssl and must have a Certificate Server in the network.ConfigurationSteps:
1. Choose "add and delete programs"> "add and set up"> "Certificate Service"
2. Follow the Certificate Service prompts to install the enterprise Root ca or independent Root ca. I chose an independent Root ca.
3. After installation, check that the "Certificate Authority" plug-in appears in the management tool.
The following operations request a certificate for SQL server:
1. if you select an independent Root ca, open the IE browser. Enter http: // servername/certsrv in the address bar to submit a certificate application to your certificate server.
2. On the Application page, select "request Certificate"> "Advanced request"> "submit a request using the form". Next Step
3. Enter the certificate name in the certificate content. Note that you must select the fqdn name of the server. Otherwise, an error may occur. Select "Server Authentication Certificate" for the applied Certificate, and select "use local computer storage" to submit the request.
4. Authorize this application in ca, select View submitted application option in ie, and install the certificate
Check whether the certificate is correctly installed:
1. In the ie-property-content-certificate option, check whether the issued certificate exists and its function is "Server Authentication"
2. Open the mmc console and add the certificate plug-in (including the computer account ). Confirm that the issued certificate exists.

Operations on the SQL Server:
1. In SQL's "SQL Server Network Utility", select "Force protocol encryption"
2. Restart MSSQLServer service. OK
3. In "client utility", select "Force protocol encryption"

Test:
You can use Query Analyzer and ODBC applicationConnectionThen, use the network monitoring software to capture packets and check whether ssl is enabled.

Common Errors:
1. When installing the certificate service, set the name of the Certificate Service to the same name as the host name. This will cause the SQL server to fail during initialization, this problem can be seen kb: http://support.microsoft.com/default.aspx? Scid = kb; en-us; 302409 & Product = sql2k
2. When applying for a certificate, the certificate name does not use the fqdn fully qualified domain name. This is one of the reasons for the SQL server "SSL Security error: ConnectionOpen (SECDoClientHandshake ()" error. Kb309398 elaborated this question: http://support.microsoft.com/default.aspx? Scid = kb; en-us; 309398 & Product = sql2k
3. Installation for ReferenceConfigurationArticle: how to: Enable SSL Encryption for SQL Server 2000 with Certificate Server can see kb: http://support.microsoft.com/default.aspx? Scid = kb; en-us; 276553 & Product = sql2k #2 (with ppt files available for download)
Http://support.microsoft.com/default.aspx? Scid = kb; en-us; 324777 & Product = sql2k