Encrypt incoming connections

You can encrypt all incoming connections to Querona and allow only clients that support encryption.

Before you take any additional steps on the server computer or client computers to encrypt data, you must first configure Querona to use a certificate that meets the Certificate requirements.

This article describes how to configure Querona for certificates and change encryption settings of the Querona instance.

To configure and force encrypted connections to the server:

  1. In the Administration Portal, navigate to ADMINISTER –> System Instances –> Root, and click Edit.

    1. If you want to change the certificate configured during installation, then in the Certificate thumbprint text box enter the certificate thumbprint of the certificate that you want Querona to use, and then click OK.

  2. Change the Maximum TDS version to TDS v8.0.

  3. Change the Encryption to Strict.

  4. Verify that the Minimum TLS version if encryption enabled is set to TLS 1.2.

  5. Click SAVE.

  6. Restart the Querona Service.

Remarks

If you see certificate validation errors, ensure that:

  • Server certificate is valid on the machine you’re using,

  • HostNameInCertificate connection string property matches CA name or one of the DNS names in the certificate,

  • The Querona Service Account has read private key permission on the certificate used.
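
The checks above can be run against the certificate store before restarting the service. The following PowerShell script is an added example, not part of Querona or its documentation. It assumes the certificate is installed in the LocalMachine\My store, and both variable values are placeholders to replace. The trust result reflects the machine on which the script runs.

```powershell
# Added example (not Querona tooling): pre-flight checks for the server certificate.
# Assumption: the certificate is installed in the LocalMachine\My store.
$Thumbprint = '<CERTIFICATE-THUMBPRINT>'    # placeholder: value entered in "Certificate thumbprint"
$HostName   = '<HOSTNAME-IN-CERTIFICATE>'   # placeholder: value clients use for HostNameInCertificate

# Thumbprints copied from the certificate dialog often contain spaces or hidden characters.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
if (-not $cert) {
    throw "No certificate with thumbprint '$clean' found in Cert:\LocalMachine\My."
}

$now = Get-Date
$results = [ordered]@{
    # The certificate must be inside its NotBefore/NotAfter window.
    'Within validity period'    = (($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter))
    # Without a private key the server cannot complete the TLS handshake.
    'Private key present'       = $cert.HasPrivateKey
    # Builds the chain with the SSL policy and compares $HostName with the
    # certificate's DNS names; failure reasons are written as warnings.
    'Chain and host name (SSL)' = (Test-Certificate -Cert $cert -Policy SSL -DNSName $HostName)
}

"Subject   : $($cert.Subject)"
"DNS names : $($cert.DnsNameList.Unicode -join ', ')"
$results.GetEnumerator() | ForEach-Object {
    '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

The script does not check the private key ACL. To confirm that the Querona Service Account has read permission, open certlm.msc, right-click the certificate, and choose All Tasks, then Manage Private Keys.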

Note

To ensure secure connectivity between client and server, configure SQL Client to support encrypted connections.