Database connection encryption for SQL Server 2025
SQL Server 2025 (17.x) introduces secure default encryption settings that affect how IBM® Data Replication connects to the distributor for subscription and publication activities.
Note: This information applies to both log-based and capture table-based configurations.
SQL Server 2025 encryption changes
SQL Server 2025 has secure default settings that make distributor connections use encryption by default. This change affects how IBM Data Replication connects to the distributor.
Configuration options
IBM Data Replication can be configured to work with SQL Server 2025 encryption in two ways:
- Option 1: Use encryption with certificates
-
- SQL Server uses default encryption settings.
- Encryption and certificates are configured on SQL Server.
- IBM Data Replication is configured with encryption parameters in JDBC advanced properties during instance configuration.
- Option 2: Disable encryption
-
- Set trust_distributor_certificate=yes so the distributor trusts the self-signed certificate:
EXECUTE sp_changedistributor_property @property = N'trust_distributor_certificate', @value = N'yes'; - Set encrypt_distributor_connection=optional instead of mandatory (default) for internal linked server connection from the publisher to distributor:
EXEC sp_changedistributor_property @property = N'encrypt_distributor_connection', @value = N'optional'; - Restart the CDC instance after you make the database changes.
- Set trust_distributor_certificate=yes so the distributor trusts the self-signed certificate:
For detailed configuration steps, see Configuring IBM Data Replication for SQL Server 2025 encryption.