Enabling SQL Server SSL Encryption With Powershell

Tracy Boggiano shows how to create and put into place SSL encryption certificates on SQL Server instances using Powershell:

Next we take the exported pfx file and copy it locally to the temp folder of each machine and import into the local certificate store.  Then we edit the registry with the thumbprint of the certificate.  After that you will have to restart SQL Server to get the changes to take effect.  We also clean up after ourselves and delete the pfx from the temp folder.

Note: To make this safe for production I commented out the restart of SQL Server.  Also, Get-CmsHosts cmdlet can found here.

If you’re dealing with sensitive information, enabling (and forcing!) SSL encryption is one of the easiest effective ways of securing an instance; in this case, it’s securing data in transit from SQL Server to and from the client.

Related Posts

Active Directory Integration On Ubuntu

Drew Furgiuele shows how to configure SQL Server on Linux to use Windows authentication: In the following post, we’ll walk through joining a Linux SQL Server on Unbuntu to an Active Directory domain, and here’s the steps we’re going to take: Installing the required software and services to enable a Linux host to talk to […]

Read More

Homoglyphs And SQL Injection

Bert Wagner gives us one more reason why blacklists are bad: Homoglpyhs can exist within a character set (like the Latin character set examples above) or they can exist between character sets. For example, you may have the unicode apostrophe ʼ, which is a homoglyph to the Latin single quote character '. How does SQL Server handle unicode […]

Read More


August 2017
« Jul Sep »