Everything You Need to Know

Secure Connection

Microsoft SQL Server

Estimated reading: 5 minutes 4 views

OneDB supports secure connections for Microsoft SQL Server database traffic through the OneDB Listener. This allows SQL Server client applications to connect to OneDB using an encrypted connection before the traffic is forwarded to the target Microsoft SQL Server Database.

Secure Connection is useful for environments that require encrypted communication between applications and database access points.

Before You Begin

Before configuring the SQL Server client, make sure the following items are already prepared:

  1. The SQL Server Database connection has been registered in OneDB.
  2. The OneDB Listener has been created for the SQL Server connection.
  3. Secure Connection has been enabled on the OneDB Listener.
  4. The listener port is open and reachable from the client machine.
  5. The required certificate or trust configuration is available on the SQL Server client side, if certificate validation is required.

Listener Configuration in OneDB

In OneDB Web Console, go to the Listener configuration page and create or edit a Microsoft SQL Server listener.

Make sure the following settings are configured:

Setting Description
Database Type Microsoft SQL Server
Listener Host OneDB server hostname or IP address
Listener Port Port used by the OneDB Listener
Target Connection SQL Server database connection registered in OneDB
Secure Connection Enabled

After saving the listener configuration, start or reload the listener.

SQL Server Client Connection Format

For secure SQL Server connections, the client should connect to the OneDB Listener with encryption enabled.

Example connection string:

Server=onedb-listener-host,1434;Database=app_db;User Id=app_user;Password=app_password;Encrypt=True;TrustServerCertificate=True;

Replace the following values based on your environment:

Value Description
onedb-listener-host Hostname or IP address of the OneDB Listener
1434 Secure listener port configured in OneDB
app_db SQL Server database name
app_user SQL Server database username
app_password SQL Server database password

Encryption Options

SQL Server clients usually support several encryption-related options.

Option Description
Encrypt=True Enables encrypted communication
TrustServerCertificate=True Allows encryption without validating the server certificate chain
TrustServerCertificate=False Requires certificate validation
HostNameInCertificate Used to match the certificate hostname when certificate validation is enabled

For a basic secure connection setup through OneDB Listener, use:

Encrypt=True;TrustServerCertificate=True;

For stricter certificate validation, use:

Encrypt=True;TrustServerCertificate=False;

The exact option depends on your organization’s security policy and certificate configuration.

Example Using sqlcmd

Example using sqlcmd:

sqlcmd -S onedb-listener-host,1434 -d app_db -U app_user -P app_password -N -C

The options used above:

Option Description
-S SQL Server host and port
-d Database name
-U Username
-P Password
-N Enables encrypted connection
-C Trusts the server certificate

After connecting, run a simple query:

SELECT 1;
GO

f the query returns successfully, the SQL Server client is connected through the OneDB Listener using a secure connection.

Example Using JDBC

For Java applications, the Microsoft SQL Server JDBC URL can include encryption parameters.

Example:

jdbc:sqlserver://onedb-listener-host:1434;databaseName=app_db;encrypt=true;trustServerCertificate=true;

Example Spring Boot configuration:

spring.datasource.url=jdbc:sqlserver://onedb-listener-host:1434;databaseName=app_db;encrypt=true;trustServerCertificate=true;
spring.datasource.username=app_user
spring.datasource.password=app_password
spring.datasource.driver-class-name=com.microsoft.sqlserver.jdbc.SQLServerDriver

For stricter certificate validation:

jdbc:sqlserver://onedb-listener-host:1434;databaseName=app_db;encrypt=true;trustServerCertificate=false;

If hostname validation is required, the certificate hostname should match the listener hostname used by the client.

Example:

jdbc:sqlserver://onedb-listener-host:1434;databaseName=app_db;encrypt=true;trustServerCertificate=false;hostNameInCertificate=onedb-listener-host;

Example Using .NET Connection String

For .NET applications, the connection string can be configured as follows:

Server=onedb-listener-host,1434;Database=app_db;User Id=app_user;Password=app_password;Encrypt=True;TrustServerCertificate=True;

For stricter certificate validation:

Server=onedb-listener-host,1434;Database=app_db;User Id=app_user;Password=app_password;Encrypt=True;TrustServerCertificate=False;

For production environments, avoid storing plain text passwords directly in configuration files. Use a secure secret management mechanism when available.

Certificate Configuration

Depending on the selected encryption option, SQL Server clients may require certificate validation.

For simple encrypted connections, some environments may use:

TrustServerCertificate=True

This enables encryption but does not require the client to validate the certificate chain.

For stricter environments, use:

TrustServerCertificate=False

When certificate validation is enabled, make sure:

  1. The certificate is trusted by the client machine or application runtime.
  2. The certificate hostname matches the listener hostname.
  3. The client connects using the hostname that matches the certificate, not only the IP address.
  4. The certificate chain is valid and not expired.

The exact certificate configuration may vary depending on the SQL Server client driver, operating system, and organization security policy.

Testing the Secure Connection

Use sqlcmd to test the secure connection:

sqlcmd -S onedb-listener-host,1434 -d app_db -U app_user -P app_password -N -C

Then run:

SELECT @@VERSION;
GO

Or:

SELECT 1;
GO

If the connection is successful, queries will be routed through the OneDB Listener.

Troubleshooting

Unable to connect to the listener

Check that the OneDB Listener is running and the listener port is reachable from the client machine.

telnet onedb-listener-host 1434

Or:

nc -vz onedb-listener-host 1434

Encryption is not enabled

Make sure the client connection string includes encryption.

For JDBC:

encrypt=true

For .NET:

Encrypt=True

For sqlcmd:

-N

Certificate validation failed

If certificate validation is enabled, make sure the certificate is trusted by the client.

For basic testing, you may use:

TrustServerCertificate=True

For stricter validation, use:

TrustServerCertificate=False

Also make sure the hostname used in the connection string matches the certificate identity.

Application still connects directly to SQL Server

Make sure the application database host and port point to the OneDB Listener, not directly to the SQL Server Database.

Example:

Server=onedb-listener-host,1434

Invalid database or user

Make sure the database name and username match the target SQL Server Database configuration.

Example:

Database=app_db
User Id=app_user

Summary

Microsoft SQL Server applications can connect securely to the OneDB Listener using TLS encryption. By enabling Secure Connection on the listener and configuring the SQL Server client with encryption enabled, application traffic to OneDB can be encrypted over the network.

This setup is recommended for environments that require secure database connectivity and stronger protection between applications and database access points.

Share this Doc

Microsoft SQL Server

Or copy link

Table of Contents