Enable SSL Connection in MSSQL

Secure the ServiceDesk Plus MSSQL database by setting up an SSL connection.

To create an SSL connection, you must obtain either a self-signed SSL certificate or purchase a verified SSL certificate from a vendor.

To generate a self-signed certificate, go to the command prompt and enter the following command:

New-SelfSignedCertificate -CertStoreLocation Cert:LocalMachineMy -DnsName host.doman.com -KeySpec KeyExchange -FriendlyName SQLCert

The following are the basic steps to help you enable an SSL connection in MSSQL. For more information on SSL connections, refer to this link.

Steps to Enable SSL Connection in MSSQL

On the SQL server-installed machine, go to Start and type mmc to open the Microsoft Management Console.
Go to File > Add/Remove Snap-in.
Select Certificates from the Available snap-ins and click Add to move them to the Selected snap-ins box.

The Certificates snap-in window will pop up. Select Computer account, and then click Next.

On the displayed window, click Finish by keeping the check boxes as per default settings (Local computer).

Import the SSL domain certificate under Certificates > Personal > Certificates. To import the certificate, click Actions > Personal > More Actions > All tasks > Import.

Import the certificate again under Certificates > Trusted Root Certification Authorities.

To import a certificate chain, upload the respective certificates into Personal, Intermediate, and Trusted Root Certification Authorities.

Go to Start > Computer Management > SQL Server Configuration Manager.
Under SQL Server Network Configuration, right-click Protocols of MSSQLSERVER and select Properties.
On the Flags tab, choose Yes for Force Encryption.

On the Certificate tab, choose the SSL certificate from the drop-down.
Click Import, and then Apply.

Restart the MSSQL server for the changes to take effect.

To determine whether the ServiceDesk Plus MSSQL database connection is secure,

- Connect Microsoft SQL Server Management Studio enabling only the Encrypt Connection check box and disabling the Trust server certificate check box.

- Execute the following query under New Query in the Microsoft SQL Server Management Studio.

select * from sys.dm_exec_connections;

The SSL connection details will be displayed.

In case of an untrusted, internal, or self-signed certificate, follow the steps below to import the SSL certificate into Java keytool.
- Go to <SDP SERVER_HOME>jrelibsecurity.
- If the jssecacerts file is unavailable, duplicate the cacerts file and rename the duplicated file to jssecacerts.
- On the command prompt, navigate to <SERVER_HOME>jrebin
- Execute the following command:

keytool -import -alias SQLServer-1 -keystore ..libsecurityjssecacerts -file <path to the SQL certificate>

Enter the password as changeit when prompted.
Restart ServiceDesk Plus for the changes to take effect.

The keytool -list -v -keystore ../lib/security/jssecacerts > cert.txt command can be used to see if the certificate is imported into jssecacerts.

To enable SSL for the application, append ;encrypt=true;trustServerCertificate=false; to rodatasource.url,url in the <SDP_HOME>/conf/database_params.conf file.