Has anyone else tried using Java SSL or anything using Java that will not require stunnel on the client side?
On Fri, Jun 25, 2010 at 12:13 PM, Carter Browne cbrowne@cbcs-usa.com wrote:
On 6/24/2010 11:00 PM, Mohit Anchlia wrote:
On Thu, Jun 24, 2010 at 10:27 AM, Carter Browne cbrowne@cbcs-usa.com wrote:
On 6/24/2010 12:09 PM, Mohit Anchlia wrote:
On Thu, Jun 24, 2010 at 5:14 AM, Carter Browne cbrowne@cbcs-usa.com wrote:
It is very easy to do if you have stunnel running on both ends. On the client side in the configuration file you could have:
[MSSQL-OUT] accept = localhost:1433 connect = remote:20000 client = yes
Thanks. So if I have stunnel running on both ends how do I connect to SQL server? Just open a JDBC connection on the local port and it will automatically connect on the remote side?
In this example, I would define an alias using the configuration manager giving it your name for the data base, and having it connect to port 1433 on localhost. For my systems, I usually use a dummy name defined in the 127.0.0.0/8 net and some port other than 1433. This approach does require stunnel on both ends. I haven't tried any other approaches. MS SQL server does have some options for encrypting the traffic as well
- I did not think they would work for my mixed Linux/Windows
environment, but it might work for your environment.
Also, are there any other options? We have 20 servers from which we need to connect. I was trying to avoid install of another binary and relying on it for being up and running. Is it possible to use Java SSL? Or is that too complicated and not proven to work? Not sure if there is any other option.
on the remote side have:
[MSSQL-IN] accept = 20000 connect = 1433 client = no
In this example port 20000 would have to be open to any firewalls including the Windows firewall and assumes you are using the standard MSSQL port on the server.
You would probably want to use the SQL Server Configuration Manager on the client computer to add an alias for your data base.
Our client will be on Linux box. I am trying to understand if I am using JDBC the connection URL is something like:
jdbc:sqlserver://[serverName[\instanceName][:portNumber]][;property=value[;property=value]]
So if I use stunnel on both sides then how will this work? What will I give in my connection string?
I don't have a Java DB connection, so I cannot speak from experience. For both the Windows and the Linux ODBC drivers, using the example above the server name would be localhost:1433. The Instance name and any properties that you send would not change. Again, using the values in the example, stunnel is simply mapping localhost:1433 to remote:1433.
Carter
Carter
Carter Browne CBCS cbrowne@cbcs-usa.com 781-721-2890
On 6/23/2010 11:32 PM, Mohit Anchlia wrote:
We have a requirement to connect to a SQLServer that is connected through stunnel on the other end. Can I use java SSL to talk to stunnel? What are my options? _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Could someone please point me to appropriate configuration for configuring stunnel on the client side with SQL server?
On Fri, Jun 25, 2010 at 12:23 PM, Mohit Anchlia mohitanchlia@gmail.com wrote:
Has anyone else tried using Java SSL or anything using Java that will not require stunnel on the client side?
On Fri, Jun 25, 2010 at 12:13 PM, Carter Browne cbrowne@cbcs-usa.com wrote:
On 6/24/2010 11:00 PM, Mohit Anchlia wrote:
On Thu, Jun 24, 2010 at 10:27 AM, Carter Browne cbrowne@cbcs-usa.com wrote:
On 6/24/2010 12:09 PM, Mohit Anchlia wrote:
On Thu, Jun 24, 2010 at 5:14 AM, Carter Browne cbrowne@cbcs-usa.com wrote:
It is very easy to do if you have stunnel running on both ends. On the client side in the configuration file you could have:
[MSSQL-OUT] accept = localhost:1433 connect = remote:20000 client = yes
Thanks. So if I have stunnel running on both ends how do I connect to SQL server? Just open a JDBC connection on the local port and it will automatically connect on the remote side?
In this example, I would define an alias using the configuration manager giving it your name for the data base, and having it connect to port 1433 on localhost. For my systems, I usually use a dummy name defined in the 127.0.0.0/8 net and some port other than 1433. This approach does require stunnel on both ends. I haven't tried any other approaches. MS SQL server does have some options for encrypting the traffic as well
- I did not think they would work for my mixed Linux/Windows
environment, but it might work for your environment.
Also, are there any other options? We have 20 servers from which we need to connect. I was trying to avoid install of another binary and relying on it for being up and running. Is it possible to use Java SSL? Or is that too complicated and not proven to work? Not sure if there is any other option.
on the remote side have:
[MSSQL-IN] accept = 20000 connect = 1433 client = no
In this example port 20000 would have to be open to any firewalls including the Windows firewall and assumes you are using the standard MSSQL port on the server.
You would probably want to use the SQL Server Configuration Manager on the client computer to add an alias for your data base.
Our client will be on Linux box. I am trying to understand if I am using JDBC the connection URL is something like:
jdbc:sqlserver://[serverName[\instanceName][:portNumber]][;property=value[;property=value]]
So if I use stunnel on both sides then how will this work? What will I give in my connection string?
I don't have a Java DB connection, so I cannot speak from experience. For both the Windows and the Linux ODBC drivers, using the example above the server name would be localhost:1433. The Instance name and any properties that you send would not change. Again, using the values in the example, stunnel is simply mapping localhost:1433 to remote:1433.
Carter
Carter
Carter Browne CBCS cbrowne@cbcs-usa.com 781-721-2890
On 6/23/2010 11:32 PM, Mohit Anchlia wrote:
> We have a requirement to connect to a SQLServer that is connected > through stunnel on the other end. Can I use java SSL to talk to > stunnel? What are my options? > _______________________________________________ > stunnel-users mailing list > stunnel-users@mirt.net > http://stunnel.mirt.net/mailman/listinfo/stunnel-users > > > >
-
Mohit Anchlia