Configurable SQL Connection Strings
Keyfactor Command supports using a custom SQL connection string template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. that can be created to fit the needs of an overall deployment. This template will be used as a starting point and will not be overwritten by the configuration wizard. For instance, you can set the timeout setting in one place, and once the configuration wizard is run, this is reflected in all places where a connection string is used. The template can be changed at any time to update the connection strings.
To create a customized connection string template, after installing the Keyfactor Command software but before running the configuration wizard, modify both the EFModels and SqlDirect connection strings in the SqlConnectionStrings.json file found in theConfiguration folder under your installation directory. By default, this is:
The settings that can be modified are described in the following Microsoft article:
Figure 518: Default SQL Connection Strings
Disable Encryption
If you prefer to connect to your SQL server over a non-encrypted channel (and thus avoid configuring an SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. certificate for your SQL server), you can use the Encrypt keyword in the connection strings with a value of False.
Figure 519: SQL Connection Strings with Encrypt Channel Disabled
Use a SQL Server Listening on Multiple IP Addresses
If you’re using a SQL server cluster that’s configured to listen for incoming connections on more than one IP address to support redundancy or access from multiple networks/subnets, you can use the MultiSubnetFailover keyword in the connection strings with a value of True.
Figure 520: SQL Connection Strings with MultiSubnetFailover Option Enabled