SSL configuration for SQL AG setup having 4 replicas and two listeners

Good Morning Team,

Can you please guide me on SSL setup with a SQL AG listener? We have a platform having 4 AG replicas and one listener having 3 DBs part of the AG group. There is a request to have another DB added on the server which needs SSL encryption.

Can we create and configure an SSL certificate with the existing replicas and listener, choose the option "No forced encryption", and only on the client side update the config file to use encryption for the new database? Or will updating the certificate at instance level make all connections encrypted for the existing DBs on the existing listener as well?

4 Replies

Applying a certificate without "Force Encryption" will let the client decide whether it wants to use encryption or not.

Which means you may start finding encrypted connections to the existing databases as well.

@SivertSolem Thank you.

Does it mean that, with the new certificate imported to SQL and no force encryption, a new client can connect with encryption in the connection string and an old client can connect without encryption like normal, without any change in its connection string?

Yes, though I'd recommend you test it yourself.

As described in scenario 2 in this article, where you have not checked the "force encryption" option, only the clients which require encryption need to be configured for it.
No action is performed on the clients that do not need to use a secure channel.

https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/special-cases-for-encrypting...
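
One way to run the test suggested above, as an added example that is not part of the original thread: connect once with `Encrypt=True` and once with `Encrypt=False`, then read `encrypt_option` from `sys.dm_exec_connections` for each session. The listener name and database name are placeholders (assumptions), and the login is assumed to have `VIEW SERVER STATE`.

```powershell
# Added example. $Listener and $Database are placeholders (assumptions).
# The login needs VIEW SERVER STATE to read sys.dm_exec_connections.
$Listener = 'ag-listener.example.internal,1433'
$Database = 'NewAppDb'

function Invoke-Query {
    param([string]$ConnectionString, [string]$Sql)
    $conn = New-Object System.Data.SqlClient.SqlConnection $ConnectionString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Sql
        $table = New-Object System.Data.DataTable
        $table.Load($cmd.ExecuteReader())
        $table.Rows          # emit DataRow objects to the pipeline
    } finally {
        $conn.Dispose()
    }
}

$base = "Server=$Listener;Database=$Database;Integrated Security=True"

$thisSession = @'
SELECT session_id, encrypt_option, net_transport, auth_scheme
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;
'@

# New client: opts in and validates the certificate, so the name used in
# Server= must match the certificate's subject or a SAN entry.
$optIn = Invoke-Query "$base;Encrypt=True;TrustServerCertificate=False" $thisSession
# Existing client: connection string left without encryption.
$legacy = Invoke-Query "$base;Encrypt=False" $thisSession

"Encrypt=True  -> encrypt_option = $($optIn.encrypt_option)"
"Encrypt=False -> encrypt_option = $($legacy.encrypt_option)"

# Instance-wide view: which databases currently have encrypted sessions.
$summary = @'
SELECT DB_NAME(s.database_id) AS database_name, c.encrypt_option, COUNT(*) AS connections
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE s.is_user_process = 1
GROUP BY DB_NAME(s.database_id), c.encrypt_option
ORDER BY database_name, c.encrypt_option;
'@
Invoke-Query "$base;Encrypt=True;TrustServerCertificate=False" $summary | Format-Table -AutoSize
```

The DMVs are per instance, so the listener only reports on the replica it routes to; point `Server=` at each replica in turn to confirm the certificate and behaviour on all four.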

Thank you

I will test and will update you.