This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft SQL Server instance certificate and encryption config scanning

athena
Engaged Sweeper II

‎08-05-2024 01:46 PM - edited ‎08-05-2024 01:53 PM

I'd like to submit a feature request for Microsoft SQL Server scanning.

What I really miss in Lansweeper is that it does not report about the certificates assigned to instances and the encryption configuration of instances.

Information that I would like to see is for example:

  • Certificate thumbprint, fetched from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL[version].[sqlinstance]\MSSQLServer\SuperSocketNetLib\Certificate
  • If Force Encryption is enabled, fetched from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL[version].[sqlinstance]\MSSQLServer\SuperSocketNetLib\ForceEncryption
  • If Extended Protection is enabled, fetched from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL[version].[sqlinstance]\MSSQLServer\SuperSocketNetLib\ExtendedProtection
  • Certificate expiry date. Since Lansweeper already does certificate scanning, it should also be able to report for example the expiry date of the certificate based on the thumbprint.
  • Certificate subject common name. Same comment as expiry date.

I have accomplished this by manually adding registry scanning items, but it's pretty cumbersome, because of all the different MSSQL versions and instance names.

2 REPLIES 2
KoenPlasmans
Lansweeper Employee
Lansweeper Employee

4 weeks ago

Hi athena & DonMario73,

Your feature request makes total sense. We put it on our research backlog to be added to the database scanner.  We regularly evaluate our backlog and try to pick up high-value items like this. We will keep you posted if there is an update on this.

Thanks for the feedback and kind regards.

DonMario73
Champion Sweeper

‎08-05-2024 02:41 PM

+1

I also have the same requirement.

@VDFiliptake a look at this for the DB Scanner too.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now