I'm working on a project and have some questions about SQL 2000 and SSL.
Some background - SQL 2000 (SP4) running on 2003 Server. Server is domain member on internal network. Clients are XP machines running an Access based off-the-shelf application - they enter data and upload to server over Internet using ODBC connection (connection is secured via various methods.) The SQL server replicates this data to other SQL servers using merge and transactional replication. The client PCs and other servers belong to multiple agencies and I have limited access to them. One of the requirements is that we encrypt all traffic using SSL. I've been testing without SSL and everything is working fine.
I've looked at all the MS knowledge base articles and I think the following is what I need to do:
1 - order SSL certificate that has the FQDN of the server that is running SQL.
(I'm going to order third party certificate for ease of admin.)
2 - install certificate using MSC snap-in
3 - set SQL Server to require all connections be encrypted (this will be easier than configuring all the client PCs)
4 - reboot server
If all the connecting PCs and servers have the certificate issuing authority listed in "Trusted Root Certification Authorities," I'm assuming that they will continue to connect successfully.
Is that all there is to it? Any gotcha's I need to be aware of?
I'm using SQL Server backup to do backups to another server - what impact will SSL have on this? I'm using Ultrabac to do image based backups of the entire partition - will SSL have any impact on this? Will it have any impact on the server itself, or is the impact of the SSL confined to the SQL Server?