Install the certificate on the SQL Server computer

To establish encrypted connections to the database, first install the certificate on the SQL Server computer.
To install the certificate on the SQL Server computer
  1. Add the snap-in.
    1. On the
      Start
      menu, select
      Run
      , enter
      MMC
      in the
      Open
      box, and then select
      OK
      .
    2. In the Microsoft Management Console, select
      File > Add/Remove Snap-in
      .
    3. In the
      Add or Remove Snap-ins
       dialog box, select
      Certificates
      , and then select
      Add
      .
    4. In the
      Certificates snap-in
      dialog box, select
      Computer account
      , and then select
      Next
      .
    5. In the
      Select Computer
       dialog box, keep the default
      Local computer
       selection, and then select
      Finish
      .
    6. In the
      Add or Remove Snap-ins
       dialog box, select
      OK
      .
  2. Import the certificate.
    1. In the Microsoft Management Console, expand
      Certificates > Personal
      , right-click
      Certificates
      , and then select
      All Tasks > Import
      .
    2. In the Certificate Import Wizard, specify the certificate file's full path, and then select
      Next
      .
    3. Enter the password, and then select
      Next
      .
    4. Specify the certificate store as
      Trusted Root Certification Authorities
      , and then select
      Next
      .
    5. Select
      Finish
      .
  3. Add the SQL Server service account permission.
    1. In the Microsoft Management Console, right-click the imported certificate, and then select
      All Tasks > Manage Private Keys
      .
    2. In the
      Security
      dialog box, add read permission for the user account used by the SQL Server service account. Note that the location should be your local computer name.
      TIP:
      To find the SQL Server service account:
      1. Open Windows
        Services
        .
      2. Double-click
        SQL Server (InstanceName)
        .
      3. Select the
        Log On
         tab, and then find the SQL Server service account in the
        This account
         box.
  4. Add the certificate to the SQL Server instance.
    1. Open SQL Server Configuration Manager.
    2. Expand
      SQL Server Network Configuration
      , right-click
      Protocols for InstanceName
      , and then select
      Properties
      .
    3. In the
      Protocols for InstanceName Properties
       dialog box, select the
      Certificate
      tab, and then select the certificate from the
      Certificate
      list.
    4. Select
      OK
      .
  5. (optional) Force encryption.
    • In the
      Protocols for InstanceName Properties
       dialog box, select the
      Flags
      tab, and then set
      Force Encryption
      to
      Yes
      .
      When
      Force Encryption
       is set to
      Yes
      , the encryption setting of
      Database Connection Properties
       will be ignored. The connections to the SQL Server instance will always be encrypted.
  6. Restart SQL Server.
    1. In SQL Server Configuration Manager, select
      SQL Server Services
      .
    2. Right-click
      SQL Server (InstanceName)
      , and then select
      Restart
      .
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal