I need to connect to the MS SQL Server 2008 r2 using the secure communication. I have been able to do the same using the following connection string:
jdbc:sqlserver://<<db server name>>:1433;databaseName=<<db name>>;selectMethod=cursor;encrypt=true;trustServerCertificate=false;integratedSecurity=false;trustStore=<<path to my trust store>>;trustStorePassword=<<password>>
On the DB server I have used Configuration Manager to specify the certificate to be used and enable 'Forced Encryption'
SQL Server Configuration Manager -> SQL Server Network Configuration -> Protocols for <> – Right Click -> Properties -> Force Encryption and Certificate
however, I am able to connect to the same DB without specifying 'encrypt=true' that is with the following URL:
jdbc:sqlserver://<<db server name>>:1433;databaseName=<<db name>>;selectMethod=cursor;
My confusion is that when SQL Server has been configured for secure connection, shouldn't it reject/ignore the non-encypted connection. Or do I need to do addtional configuration so the DB server accepts only secure connections
Thanks and Regards
P Manchanda
Best Answer
No. As per documentation it will have a encrypted connnection.
Check http://social.msdn.microsoft.com/Forums/sqlserver/en-US/bde679d9-ff83-4fa7-b402-42e336a97106/force-encryption-on-sql-server-not-working
Simple like that - your connection string setting is ignored.
This can be checked on the server via: