To configure the non-clustered server to accept encrypted connections
- Ensure the SQL Server service account (for example, SVC01) has been granted administrator access on the SQL Server machine.
- Log in to the SQL server using the SVC01 account.
- In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for <server instance>, and then select Properties.
- In the Protocols for <instance name> Properties dialog box, on the Certificate tab, select the desired certificate from the drop-down list for the Certificate box, and then click OK.
- On the Flags tab, in the ForceEncryption box, select Yes, and then click OK to close the dialog box.
- Restart the SQL Server service.
To configure the Clustered server to accept encrypted connections
- Ensure the SVC01 account has been granted administrator access on the SQL Server machine.
- Log in to the SQL server using the SVC01 account.
- In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for <server instance>, and then select Properties.
- On the Flags tab, in the ForceEncryption box, select Yes, and then click OK to close the dialog box.
- Since this is a clustered environment, the certificate installed in the previous step will not be visible on the Certificate tab. The certificate therefore needs to be associated through a registry entry update, as described in the following section.
- Click OK.
- Export the certificate thumbprint by running this command in an elevated command window:
  certutil -store -user my > cert.txt
- Open the cert.txt file and find the property Cert Hash(sha1): corresponding to the cluster certificate.
- Copy the hex value to Notepad and remove the spaces.
- Start Regedit and paste the hex value into this registry entry: HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\<YourSQLServerInstance>\MSSQLServer\SuperSocketNetLib\Certificate
- Restart the SQL Server service.
- Perform the same steps on the other nodes of the SQL cluster.
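
The thumbprint steps above (find Cert Hash(sha1), remove the spaces, write the registry entry) can be scripted. The PowerShell below is an added example, not part of the original procedure. The certutil text, the subject name and the helper name Get-CertHashFromCertutil are constructed for illustration, and the registry path keeps the page's <YourSQLServerInstance> placeholder, so nothing is written until a real instance name is substituted.

```powershell
# Added example. The certutil text below is constructed sample output, not from a real host.
# Real input would be: $text = (certutil -store -user my) -join "`n"
$text = @'
================ Certificate 0 ================
Serial Number: 1a2b3c4d
Issuer: CN=Example Issuing CA
Subject: CN=sqlcluster.example.test
Cert Hash(sha1): 0a 1b 2c 3d 4e 5f 60 71 82 93 a4 b5 c6 d7 e8 f9 0a 1b 2c 3d
'@

function Get-CertHashFromCertutil {   # hypothetical helper name
    param([string]$Text, [string]$SubjectMatch)
    $subject = $null
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^=+ Certificate') {
            $subject = $null          # new certificate block: forget the previous subject
        }
        elseif ($line -match '^\s*Subject:\s*(.+)$') {
            $subject = $Matches[1]
        }
        elseif ($subject -and $subject.Contains($SubjectMatch) -and
                $line -match '^\s*Cert Hash\(sha1\):\s*(.+)$') {
            # Keep hex digits only: removes the spaces and any invisible
            # characters that copy/paste can add.
            $hex = $Matches[1] -replace '[^0-9A-Fa-f]', ''
            if ($hex.Length -ne 40) {
                throw "SHA-1 hash for '$subject' has $($hex.Length) hex digits, expected 40"
            }
            return $hex
        }
    }
    throw "No certificate whose subject contains '$SubjectMatch'"
}

$thumbprint = Get-CertHashFromCertutil -Text $text -SubjectMatch 'sqlcluster.example.test'

# Certificate is a string value under the SuperSocketNetLib key.
# With the <YourSQLServerInstance> placeholder left in, Test-Path is false and nothing is written.
$key = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\<YourSQLServerInstance>\MSSQLServer\SuperSocketNetLib'
if (Test-Path -LiteralPath $key) {
    Set-ItemProperty -LiteralPath $key -Name Certificate -Value $thumbprint
    $stored = (Get-ItemProperty -LiteralPath $key -Name Certificate).Certificate
    if ($stored -ne $thumbprint) { throw 'Registry value does not match the thumbprint' }
}
$thumbprint
```

The 40-digit check catches a truncated or partially copied hash before it reaches the registry. The SQL Server service still has to be restarted afterwards, as in the manual steps.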
To configure the SharePoint servers to request encrypted connections
- Log on to every server instance on the SharePoint farm.
- Copy either the original certificate or the exported certificate file to the client computer.
- On the client computer, use the Certificates snap-in to install either the root certificate or the exported certificate file.
- In the console pane, right-click SQL Server Native Client Configuration, and then click Properties.
- On the Flags page, in the Force protocol encryption box, click Yes.