0

So I have a SQL Server 2016 instance running a mission critical workload. I want to install an SSL/TLS (publicly signed) certificate into the server, and enable encryption.

But I don't want to incur any downtime during this process. I am worried that when I deploy the certificate and enable encryption, this will cause downtime of some kind - either by requiring a restart of the server, or it will somehow cause existing non-encrypted connections from applications to begin failing.

So really hoping to get some guidance from a SQL Server expert on what to do to avoid downtime when enabling SSL encryption on the server. I am OK with not setting the server to require encryption on all connections.

A X
  • 382
  • 2
  • 8
  • 23

1 Answers1

1

You can install a SSL/TLS TCP reverse proxy. Then instruct clients to use that machine. Limit the access to non-SSL port via firewall. This should be possible with haproxy.

Mircea Vutcovici
  • 16,706
  • 4
  • 52
  • 80
  • Is there no way to do it using the built-in product only? – A X Dec 25 '19 at 06:30
  • Nope. See MS documentation: https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine?view=sql-server-ver15 – Mircea Vutcovici Dec 25 '19 at 07:11