How to connect to EC2 SQL Server in private VPC using SSL?


I am trying to connect to a SQL Server database that exists on an EC2 instance in our AWS environment. Our SQL Server machines are kept private. In the New SQL Server Data Source dialog in QuickSight, I can successfully connect to my database with SSL turned off. However, if I turn on SSL, it fails because it can’t validate a certificate.

I have asked our IT Admin for a certificate, and he says he doesn’t know how to get a CA Signed Certificate for a private machine.

Can you advise on how to get SSL turned on for our situation/setup?


Please review the Network and database configuration requirements described here - Network and database configuration requirements - Amazon QuickSight It details steps to connect DB in default VPC, non-default VPC, private VPC scenarios to ensure configurations are aligned to your situation.

Let us know if this resolves your issue.

Thank you
Deepak Singh

I am able to create a successful connection in my private VPC, but with SSL turned off. It doesn’t work with SSL turned on, but I’m thinking it isn’t necessary to turn on it since I’m already in a private network. From what I understand you can’t purchase a SSL certificate for a private machine anyways.

With regards to need to have turn on SSL in private VPC, please consult with your security team.

I noted that in case of SQL server DB instance on Amazon RDS, Amazon RDS creates an SSL certificate for it when DB instance is created. The SSL certificate includes the DB instance endpoint as the Common Name (CN) for the SSL certificate to guard against spoofing attacks, see the link - Using SSL with a Microsoft SQL Server DB instance - Amazon Relational Database Service