Refresh special cases for encrypting connections article (UUF 366903)

rwestMSFT · rwestMSFT · commit 1f6d239ebef9 · 2025-01-30T16:47:07.000-07:00
diff --git a/docs/database-engine/configure-windows/special-cases-for-encrypting-connections-sql-server.md b/docs/database-engine/configure-windows/special-cases-for-encrypting-connections-sql-server.md
@@ -1,10 +1,10 @@
 ---
-title: Configure client computer and application for encryption
+title: Configure Client Computer and Application for Encryption
 description: Learn how to configure the client computer and application for encryption using self-signed certificates and a certificate automatically by SQL Server.
 author: suresh-kandoth
 ms.author: sureshka
 ms.reviewer: randolphwest, vanto
-ms.date: 10/10/2024
+ms.date: 01/30/2025
 ms.service: sql
 ms.subservice: configuration
 ms.topic: conceptual
@@ -33,25 +33,33 @@ This article provides the procedures for encrypting connections to [!INCLUDE [ss
 
 ### Scenario 1: You want to encrypt all the connections to SQL Server
 
-After completing both the procedures documented in [Step 1: Configure SQL Server to use certificates](configure-sql-server-encryption.md#step-1-configure-sql-server-to-use-certificates) and [Step 2: Configure encryption settings in SQL Server](configure-sql-server-encryption.md#step-2-configure-encryption-settings-in-sql-server) documented in [Configure SQL Server Database Engine for encrypting connections](configure-sql-server-encryption.md), use one of the following options to configure your client application for encryption.
+After completing both the procedures documented in [Step 1: Configure SQL Server to use certificates](configure-sql-server-encryption.md#step-1-configure-sql-server-to-use-certificates) and [Step 2: Configure encryption settings in SQL Server](configure-sql-server-encryption.md#step-2-configure-encryption-settings-in-sql-server) in the article [Configure SQL Server Database Engine for encrypting connections](configure-sql-server-encryption.md), use one of the following options to configure your client application for encryption.
 
-<a id="scenario1option1"></a>**Option 1:** Configure client applications to **Trust Server Certificate**. This setting causes the client to skip the step that validates the server certificate and continue with the encryption process. For example, if you're using [!INCLUDE [ssmanstudiofull-md](../../includes/ssmanstudiofull-md.md)] (SSMS) 20 and later versions, you can select **Trust Server Certificate** on the **Login** page (or on the **Options** page in earlier versions).
+<a id="scenario1option1"></a>
 
-<a id="scenario1option2"></a>**Option 2:** On each client, add the certificate's issuing authority to the trusted root authority store by performing the following steps:
+**Option 1:** Configure client applications to **Trust Server Certificate**. This setting causes the client to skip the step that validates the server certificate and continue with the encryption process. For example, if you're using [!INCLUDE [ssmanstudiofull-md](../../includes/ssmanstudiofull-md.md)] (SSMS) 20 and later versions, you can select **Trust Server Certificate** on the **Login** page (or on the **Options** page in earlier versions).
+
+<a id="scenario1option2"></a>
+
+**Option 2:** On each client, add the certificate's issuing authority to the trusted root authority store by performing the following steps:
 
 1. Export the certificate from a computer that's running [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] by using the procedure documented in [Export server certificate](certificate-procedures.md#export-server-certificates).
 
 1. Import the certificate by using the procedure documented in [Export and import certificates](certificate-procedures.md).
 
 ### Scenario 2: Only some clients need encrypted connections
 
-After configuring the certificate for [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] use as documented in [Step 1: Configure SQL Server to use certificates](configure-sql-server-encryption.md#step-1-configure-sql-server-to-use-certificates) in [Configure SQL Server Database Engine for encrypting connections](configure-sql-server-encryption.md), use one of the following options to configure your client application for encryption:
+After you configure the certificate for [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] use as documented in [Step 1](configure-sql-server-encryption.md#step-1-configure-sql-server-to-use-certificates) in [Configure SQL Server Database Engine for encrypting connections](configure-sql-server-encryption.md), use one of the following options to configure your client application for encryption:
 
-<a id="scenario2option1"></a>**Option 1**: Configure client applications to trust the server certificate and specify the encryption keyword in connection properties to *Yes* or *True*. For example, if you're using Microsoft ODBC Driver for [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)], the connection string should specify `Encrypt=Yes;TrustServerCertificate=Yes;`.
+<a id="scenario2option1"></a>
+
+**Option 1**: Configure client applications to trust the server certificate and specify the encryption keyword in connection properties to *Yes* or *True*. For example, if you're using Microsoft ODBC Driver for [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)], the connection string should specify `Encrypt=Yes;TrustServerCertificate=Yes;`.
 
 For more information about server certificates and encryption, see [Using TrustServerCertificate](/dotnet/framework/data/adonet/connection-string-syntax).
 
-<a id="scenario2option2"></a>**Option 2**: On each client, add the certificate's issuing authority to the trusted root authority store and specify encryption parameters to *Yes* in the connection string:
+<a id="scenario2option2"></a>
+
+**Option 2**: On each client, add the certificate's issuing authority to the trusted root authority store and specify encryption parameters to *Yes* in the connection string:
 
 1. Export the certificate from a computer that's running [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] by using the procedure documented in [Export the certificate](certificate-procedures.md#export-server-certificates) from a computer that's running [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)].
 
@@ -74,7 +82,7 @@ Configure client applications to trust the server certificate and specify the en
 No extra configuration is required on the [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] for this scenario.
 
 > [!WARNING]  
-> SSL connections encrypted using a self-signed certificate don't provide strong security, because the length of the key in the self-signed certificates is shorter than the key in the certificates that're generated by the CA. They are susceptible to man-in-the-middle attacks. You shouldn't rely on SSL using self-signed certificates in a production environment or on servers that're connected to the Internet.
+> TLS/SSL connections encrypted using a self-signed certificate don't provide strong security, because the length of the key in the self-signed certificates is shorter than the key in the certificates generated by the CA. They're susceptible to man-in-the-middle attacks. You shouldn't rely on TLS/SSL using self-signed certificates in a production environment or on servers connected to the Internet.
 
 ## Related content
 
