Authenticating database connections (Advanced) - Security Center 5.9

Security Center Hardening Guide 5.9

Series: Security Center 5.9
Last revised: 2020-11-30

To authenticate database connections, you must ensure that the SQL Server uses a certificate that is issued for its Fully Qualified Domain Name (FQDN) and is trusted by the machines that connect to the database.

What you should know

Security Center database connections are always encrypted, but not authenticated by default.

Procedure

  1. In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for <SQL_instance>, and select Properties.
    The Protocols for <SQL_instance> dialog box opens.
  2. Under the Certificate tab, select the required certificate from the list and click OK.
  3. Under Protocols for <SQL_instance>, right-click TCP/IP, and select Properties.
    The TCP/IP Properties dialog box opens.
  4. Under the Protocol tab, set Enabled to Yes.
  5. Under the IP Addresses tab, scroll down to IPAll and set TCP Port to an allowed value.
  6. Click OK.
  7. Restart the SQL Server service.
  8. For the Directory role, do the following:
    1. In Server Admin, open the main server.
    2. Under Directory, update Database server with an FQDN and port.
      The required format is: <FQDN>,<PORT>\<SQL_instance>

    3. Select Validate certificate.
    4. Click Save.
      The Directory is restarted before the changes take effect.
  9. For all other roles that connect to the database, do the following:
    1. In Config Tool, open System > Roles and select the role.
    2. Click the Resources tab, and update Database server with an FQDN and port.
      The required format is: <FQDN>,<PORT>\<SQL_instance>

    3. Set Validate certificate to ON.
    4. Click Apply.
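
The following Windows PowerShell check is an added example, not part of the original guide or the product. Part 1 screens the certificates offered in step 2, and Part 2 confirms that a client machine accepts the server certificate. It assumes the standard .NET SqlClient settings Encrypt=True and TrustServerCertificate=False as a stand-in for Validate certificate (the page does not say how Security Center implements that option); the FQDN and port are constructed placeholders.

```powershell
# Added example. $Fqdn and $Port are constructed placeholders; use the values
# entered in the Database server field.
$Fqdn = 'sql01.example.com'
$Port = 1433

# Part 1 - run on the SQL Server machine before selecting the certificate.
# Lists computer-store certificates and whether each is usable for $Fqdn.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    # Collect the subject name plus the SAN DNS entries.
    $names = @($_.GetNameInfo('DnsName', $false)) + @($_.DnsNameList.Unicode)
    [pscustomobject]@{
        Thumbprint    = $_.Thumbprint
        NameMatches   = $names -contains $Fqdn   # exact match; wildcards not evaluated
        HasPrivateKey = $_.HasPrivateKey
        ServerAuthEku = @($_.EnhancedKeyUsageList.ObjectId) -contains $serverAuthOid
        TimeValid     = ($_.NotBefore -le $now) -and ($_.NotAfter -ge $now)
    }
} | Format-Table -AutoSize

# Part 2 - run on each machine that hosts a role, after the SQL Server restart.
# The chain is checked against this machine's trust store, so a pass here
# says nothing about other machines. The instance name is omitted because
# SqlClient connects by port when one is given.
$cs = "Server=tcp:$Fqdn,$Port;Encrypt=True;TrustServerCertificate=False;" +
      "Integrated Security=SSPI;Connect Timeout=10"
$conn = New-Object System.Data.SqlClient.SqlConnection $cs
try {
    $conn.Open()
    "PASS: certificate for $Fqdn was validated by this machine."
} catch {
    # Certificate errors (untrusted issuer, name mismatch) surface here.
    # A login failure for the current Windows account is also reported here,
    # but it occurs only after the TLS handshake has completed.
    "FAIL: $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}
```

A candidate certificate should show True in every column of Part 1. If Part 2 fails on a machine, read the error text before enabling Validate certificate for the roles hosted there.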

After you finish

For more information, see Enable Encrypted Connections to the Database Engine.