🔐 New Certificate and Encryption Defaults in dbatools 2.0 🔐 #8883

Closed
potatoqualitee opened this issue Apr 28, 2023 Discussed in #8855 · 0 comments

Discussed in #8855

Originally posted by potatoqualitee April 11, 2023
Hear ye, hear ye, dbatools 2.0 will be released soon and, unless you encrypt your SQL Server connections, you'll need to make some changes.

Microsoft's SQL Server connection libraries have new defaults so we do too. These library changes also impact the SqlServer module and Azure Data Studio (tho not SSMS yet it seems).

These changes will cause one or more of the following errors when connecting to unencrypted SQL Servers with dbatools 2.0:

  • The target principal name is incorrect
  • An existing connection was forcibly closed by the remote host
  • The certificate chain was issued by an authority that is not trusted
  • The instance of SQL Server you attempted to connect to does not support encryption
  • The remote certificate was rejected by the provided RemoteCertificateValidationCallback

To learn how to encrypt your SQL Server connections, check out @ACALVETT's post, Configuring network encryption for SQL Server. This is the best way to handle the new changes because these changes will eventually impact all SQL Server-related applications.

I also wrote a blog post, New Encryption and Certificate Defaults in Microsoft's SQL Server Connection Provider, that shows less secure ways to manage these changes.


The blog post also covers a new command I recently created called Set-DbatoolsInsecureConnection to help address these issues. I'll be using this often in my CI/CD scenarios.
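
The following is an added example, not part of the original post or the dbatools project's own code: one way to find which instances will fail under the new defaults before upgrading, and to confirm that the sessions which do connect are encrypted. The instance names are constructed placeholders; it assumes dbatools 2.0 or later is installed and that your account can log in to each instance.

```powershell
# Added example: audit a list of instances against the dbatools 2.0 connection defaults.
# Instance names below are constructed placeholders, replace them with your own.
Import-Module dbatools

$instances = 'sql01.example.internal', 'sql02.example.internal'

$report = foreach ($name in $instances) {
    try {
        # Connect with the module defaults: no trust-certificate or encryption override.
        # -EnableException turns the usual dbatools warning into a catchable error.
        $server = Connect-DbaInstance -SqlInstance $name -EnableException

        # Ask SQL Server how it sees this session, rather than trusting client settings.
        $row = Invoke-DbaQuery -SqlInstance $server -EnableException -Query @'
SELECT encrypt_option, net_transport, auth_scheme
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;
'@

        [pscustomobject]@{
            Instance  = $name
            Connected = $true
            Encrypted = ($row.encrypt_option -eq 'TRUE')
            Transport = $row.net_transport
            Auth      = $row.auth_scheme
            Error     = $null
        }
    }
    catch {
        # Failures here are the instances that need a trusted certificate
        # (or a documented exception) before moving to dbatools 2.0.
        [pscustomobject]@{
            Instance  = $name
            Connected = $false
            Encrypted = $null
            Transport = $null
            Auth      = $null
            Error     = $_.Exception.GetBaseException().Message
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

The `Error` column will carry messages like the ones listed above for instances whose certificate is missing, untrusted, or issued for a different name.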
