Support for encrypted connections to MS SQL with only CA certificate

sigurdur posted 1 year ago in General


I have a customer who tries to establish encrypted connections to MS SQL Server with HeidiSQL over TCP/IP, and it seems they are unable to.

The server operators have created a local CA, issued a certificate to the SQL Server and then sent the certificate to my client.

The theory is that by trusting the CA certificate it should be possible to establish an SSL/TLS encrypted connection to the server.

They succeed in doing this with some kind of Microsoft SQL tool (I don't know which).

With yesterday's nightly build of HeidiSQL they are not able to get encrypted connections. Two methods have been tested:

1) Import CA certificate in Windows, tick "Use SSL" when setting up the connection, leave all SSL*file-fields empty

2) No import of CA certificate, tick "Use SSL" when setting up the connection, add CA certificate in SSL Options tab. The latter has been tested both with the certificate in DER encoded form and as "straight" x509 certificate.

The SQL server is supposedly configured to allow, but not require, encrypted connections.

Should this work at all? Are we doing it wrong?

kind regards, -sigurd

sigurdur posted 1 year ago

I think a forum post from last year might be quite similar (I'm not allowed to post URLs yet, but the link would end in) forum.php?t=23280

