You can enable encryption for database connections used by the CommServe server to secure communication between the .NET SQL Client and the SQL Server. This configuration ensures that database traffic is encrypted and, optionally, that the client trusts the server certificate.
Before You Begin
-
Verify that you have administrative access to the CommServe host and SQL Server.
-
Ensure that the SQL Server supports encrypted connections.
-
Obtain a valid TLS/SSL certificate from a trusted certificate authority (CA) if you do not want to use a self-signed certificate.
Note
Self-signed certificates do not guarantee complete security. For more information, see Microsoft documentation - Using Encryption Without Validation in SQL Server Native.
Procedure
-
Configure the following additional settings to the CommServe properties with values 1, 2, or 3:
Where:
-
1: Enables encrypted connections between the .NET client and SQL Server.
-
2: Client trusts the server certificate. If this option is not enabled, install the SQL Server’s TLS/SSL certificate on the client computer.
-
3: Enables both options 1 and 2.
-
-
Configure SQL Server Database Engine encryption settings under Protocols for COMMVAULT.
-
Enable encryption for the SQL Native Client:
-
Open the SQL Server Configuration Manager.
-
Go to the SQL Native Client 11.0 Configuration > Properties > Flags tab.
-
Set Force Protocol Encryption to Yes.
-
-
From the Commvault Process Manager, stop all Commvault services.
-
Restart all Commvault-related SQL Server services.
-
Restart IIS (Internet Information Services) on the CommServe or Web Server, by running the following command:
iisreset -
From the Commvault Process Manager, start all the Commvault services.