Wiki Admin

How Can I Enforce Encrypted Connections Between DSS and SQL Server?

Export as HTML Export as PDF Export as DOCX
Edit

Documentation: How Can I Enforce Encrypted Connections Between DSS and SQL Server?

How Can I Enforce Encrypted Connections Between DSS and SQL Server?

Question

I want to enforce encrypted database connections for both the DSS Hub Server repository and SQL Server source or target locations. However, all connections to the MSSQL server remain unencrypted. How can I ensure DSS establishes encrypted connections to SQL Server databases?

Environment

DSS 6

Answer

To enforce encrypted connections between DSS and SQL Server, set the following environment variables wherever the connection is being initiated:

  • DSS_MSSQL_ENCRYPT=ALWAYS
  • DSS_ODBC_CONNECT_STRING_ADD=TrustServerCertificate=Yes

These variables instruct DSS to require encryption and trust the SQL Server certificate.

For SQL Server source or target locations

  1. Define the environment variables at the channel level for each SQL Server location.
  2. Run Activate Replication with the Jobs option selected.

For the DSS Hub repository (SQL Server)

  1. Set the same environment variables at the Hub Server level.
  2. Run the following command on the Hub Server command line:
    export DSS_MSSQL_ENCRYPT=ALWAYS
export DSS_ODBC_CONNECT_STRING_ADD=TrustServerCertificate=Yes
  3. Restart the Hub Server to apply the changes.

If the Hub Server runs as a systemd service

  1. Add the environment variables to the Hub Server's systemd service file.
  2. Reload the systemd configuration and restart the service using the following commands:
    systemctl daemon-reload
systemctl restart hubserver

To learn more, see Configuring Restarting of Hub Server after System Reboot.