checking ssl encryption in firewall

From: Andreas Birgerson (andbir@sema.removethis.se)
Date: 05/14/02


From: "Andreas Birgerson" <andbir@sema.removethis.se>
Date: Tue, 14 May 2002 13:25:36 +0200


I am using TCP at port 1433 and I am running SQL Server 2000 SP2, and
I want to allow only SSL-encrypted SQL traffic from some clients on the
internet and still allow unencrypted traffic on the backend (inside)
network.

Is there some bit or byte of the SQL Server client request packet that I
can examine in my firewall to allow only SSL-encrypted SQL traffic and drop
all other requests made to the same port?

- - -

Also - what does the certificate need to cover considering the following
scenario:

A) I have a machine name "osiris.webprod.whatever.com" as part of an
Active Directory that only exists on the DMZ. This DNS domain does not
exist on the internet.

B) The machine also has its own public DNS entry "osiris.whatever.com"

C) There might be scenarios where clients on the internet will connect to it
as "sql.whatever.com"

So what/which certificate(s) do I need to purchase?

Thanks