Next we take the exported pfx file and copy it locally to the temp folder of each machine and import into the local certificate store. Then we edit the registry with the thumbprint of the certificate. After that you will have to restart SQL Server to get the changes to take effect. We also clean up after ourselves and delete the pfx from the temp folder.
Note: To make this safe for production I commented out the restart of SQL Server. Also, Get-CmsHosts cmdlet can found here.
If you’re dealing with sensitive information, enabling (and forcing!) SSL encryption is one of the easiest effective ways of securing an instance; in this case, it’s securing data in transit from SQL Server to and from the client.
Comments closed