Securing SQL Server traffic is critical to preventing credential interception and man-in-the-middle attacks. Devolutions Server should always communicate with SQL Server using encrypted channels.
-
In SQL Server Configuration Manager, enable Force Encryption under the SQL Server Network Configuration.
Please consult this Microsoft article that provides detailed instructions: Enable encrypted connections to the Database Engine.
Install a trusted TLS certificate on SQL Server.
Avoid self-signed certificates in production environments.
Ensure the certificate includes the server’s FQDN and is issued by a recognized CA.
After the SQL Server environment is properly configured, the only change required in Devolutions Server is to enable Use SQL Server encrypted connection in the Database – Advanced settings section of the instance settings.
Legacy clients that do not support encryption may fail to connect.
Perform testing before enabling Force Encryption in production.
Encrypted SQL connections align with requirements from standards such as PCI DSS and NIST, and should be considered mandatory for any environment handling sensitive authentication or vault data.
Share your feedback