Authenticating database connections (Advanced) - Security Center 5.11

Security Center Hardening Guide 5.11

Product: Security Center
Content type: Guides > Administrator guides
Version: 5.11
Language: English
Last updated: 2023-03-13

To authenticate database connections, your SQL Server must use a Fully Qualified Domain Name (FQDN) certificate that is trusted by the machines that connect to the database.

What you should know

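Security Center database connections are always encrypted, but they are not authenticated by default. Until certificate validation is turned on, a client does not verify the identity of the SQL Server it connects to.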

Procedure

  1. In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for <SQL_instance>, and select Properties.
    The Protocols for <SQL_instance> dialog box opens.
  2. Under the Certificate tab, select the required certificate from the list and click OK.
  3. Under Protocols for <SQL_instance>, right-click TCP/IP, and select Properties.
    The TCP/IP Properties dialog box opens.
  4. Under the Protocol tab, set Enabled to Yes.
  5. Under the IP Addresses tab, scroll down to IPAll and set TCP Port to an allowed value.
  6. Click OK.
  7. Restart the SQL Server service.
  8. For the Directory role, do the following:
    1. In Server Admin, open the main server.
    2. Under Directory, update Database server with an FQDN and port.
      The required format is: <FQDN>,<PORT>\<SQL_instance>
      [Figure: Directory section of the Server page in Server Admin, with the Database server field highlighted.]
    3. Select Validate certificate.
    4. Click Save.
      The Directory is restarted before the changes take effect.
  9. For all other roles that connect to the database, do the following:
    1. In Config Tool, open System > Roles and select the role.
    2. Click the Resources tab, and update Database server with an FQDN and port.
      The required format is: <FQDN>,<PORT>\<SQL_instance>

    3. Turn on the Validate certificate option.
    4. Click Apply.
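
One way to confirm the result from a machine that hosts a role is the following added example, which is not part of the Genetec guide: it parses a Database server value in the required format and opens a connection that only succeeds if this machine trusts the SQL Server certificate. The function name Test-DbServerCertificate and the sample server value are hypothetical; the script assumes Windows PowerShell 5.1 and a Windows account with a login on the SQL Server.

```powershell
# Added example (hypothetical helper, not Genetec code). Assumes Windows PowerShell 5.1
# and that the current Windows account has a login on the SQL Server.
function Test-DbServerCertificate {
    param([Parameter(Mandatory = $true)] [string] $DatabaseServer)

    # Accept only the format the guide requires: <FQDN>,<PORT>\<SQL_instance>
    $pattern = '^(?<fqdn>[A-Za-z0-9.-]+),(?<port>\d{1,5})\\(?<instance>[\w$#-]+)$'
    if ($DatabaseServer -notmatch $pattern) {
        throw "Expected <FQDN>,<PORT>\<SQL_instance> but got '$DatabaseServer'."
    }
    $fqdn = $Matches['fqdn']; $port = [int]$Matches['port']; $instance = $Matches['instance']
    if ($port -lt 1 -or $port -gt 65535) { throw "Port $port is out of range." }

    # The guide calls for an FQDN, so reject IP addresses and short host names.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($fqdn, [ref]$ip) -or $fqdn -notmatch '\.') {
        throw "'$fqdn' is not a fully qualified domain name."
    }

    # Encrypt=True with TrustServerCertificate=False makes SqlClient check the certificate
    # chain and name. With an explicit port, the port (not the instance name) selects the instance.
    $cs = "Data Source=tcp:$fqdn,$port;Integrated Security=True;Encrypt=True;" +
          "TrustServerCertificate=False;Connect Timeout=10"
    $conn = New-Object System.Data.SqlClient.SqlConnection($cs)
    $result = [ordered]@{ Server = $fqdn; Port = $port; Instance = $instance; Connected = $false; Detail = '' }
    try {
        $conn.Open()
        $result.Connected = $true
        $result.Detail = "Certificate accepted by this machine; SQL Server $($conn.ServerVersion)"
    } catch {
        # Trust or name-mismatch failures surface here as connection errors.
        $result.Detail = $_.Exception.GetBaseException().Message
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]$result
}

# Constructed sample value; replace with the Database server string you entered.
Test-DbServerCertificate -DatabaseServer 'sql01.example.com,1433\SQLEXPRESS'
```

A login failure in Detail still means the certificate was accepted, because SqlClient completes the TLS handshake before it sends credentials.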

After you finish

For more information, see Enable Encrypted Connections to the Database Engine.