Starting with SQL Server 2005, a self-signed certificate is created automatically at startup to be used for channel encryption. By default, if no certificate has been explicitly provisioned for SSL/TLS, the credentials in the login packet that is transmitted when a client application connects to SQL Server are always encrypted using this certificate. Optionally, the self-signed certificate can also be used to enable channel encryption. SSL/TLS connections that are encrypted using a self-signed certificate do not provide strong security, so it is strongly recommended that a certificate obtained from a trusted certification authority be used.
Until SQL Server 2016, the self-signed certificate was created using the SHA1 algorithm. However, SHA1 and many older algorithms have been deprecated beginning with SQL Server 2016. Refer to this Books Online article for more information.
Beginning with SQL Server 2017, the self-signed certificate uses the SHA256 algorithm, which is more secure than SHA1. That said, we still recommend using a certificate obtained from a trusted certification authority for channel encryption.
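To confirm whether an instance fell back to the automatically created certificate or loaded a provisioned one, the certificate-load message in the SQL Server error log can be checked. The Python below is an added example, not part of the original article: the function name is hypothetical, and the log lines and thumbprint are constructed samples.

```python
import re

# Error-log messages SQL Server writes when it loads its TLS certificate at startup.
SELF_GENERATED = "A self-generated certificate was successfully loaded for encryption"
PROVISIONED = re.compile(
    r'The certificate \[Cert Hash\(sha1\) "([0-9A-Fa-f]+)"\] '
    r"was successfully loaded for encryption"
)

def classify_tls_certificate(log_lines):
    """Return the certificate state recorded by the most recent startup in the log.

    "Cert Hash(sha1)" in the provisioned message is the certificate thumbprint,
    an identifier; it says nothing about the certificate's signature algorithm.
    """
    state = {"kind": "unknown", "thumbprint": None, "line": None}
    for number, line in enumerate(log_lines, start=1):
        match = PROVISIONED.search(line)
        if match:
            state = {"kind": "provisioned", "thumbprint": match.group(1).upper(), "line": number}
        elif SELF_GENERATED in line:
            state = {"kind": "self-generated", "thumbprint": None, "line": number}
    return state

# Constructed sample: two startups in one log; the later one has a provisioned certificate.
SAMPLE_LOG = [
    "2024-01-10 08:00:01.10 Server      Microsoft SQL Server 2017 (constructed sample line)",
    "2024-01-10 08:00:03.42 spid11s     A self-generated certificate was successfully loaded for encryption.",
    "2024-01-10 08:00:03.60 spid11s     Server is listening on [ 'any' <ipv4> 1433].",
    "2024-02-02 21:15:07.05 Server      Microsoft SQL Server 2017 (constructed sample line)",
    '2024-02-02 21:15:09.31 spid12s     The certificate [Cert Hash(sha1) "0123456789abcdef0123456789abcdef01234567"] was successfully loaded for encryption.',
]

if __name__ == "__main__":
    for label, lines in (("first startup only", SAMPLE_LOG[:3]), ("full log", SAMPLE_LOG)):
        print(label, "->", classify_tls_certificate(lines))
```

A result of `self-generated` means the instance is relying on the automatically created certificate described above, so a certificate from a trusted certification authority still needs to be provisioned.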