With the MSSQL driver, you need only add ;encrypt=true to your connection string.
Something like this:
jdbc:sqlserver://servername:port;databaseName=dbname;integratedSecurity=false;encrypt=true
You can verify the connection is encrypted by executing this in SSMS:
select * from sys.dm_exec_connections where encrypt_option!='FALSE'
You can add the encrypt flag to the MSSQL.cfc dbdriver... or use the Other JDBC driver with classname com.microsoft.sqlserver.jdbc.SQLServerDriver
(In our environment, we'd also set sendStringParametersAsUnicode=true and SelectMethod=direct - YMMV)
You might also benefit from the newer MSSQL JDBC driver. Lucee 5 info here:
Check out the branch, ant, copy the mssqljdbc4-6.0.7507 lex into the lucee-server/deploy folder.
For Lucee 4.5, get the drivers from here:
The sqljdbc 6.0.7507 package - you want sqljdbc41.jar (JRE 7) or sqljdbc42.jar (JRE8) depending on your java level.
Connection strings reference here:
You may want to specifically read the item for encrypt - as the new driver has an "authentication" property.
Also be aware the certificate will be validated when connecting - so make sure the server name matches the common name. Or pass trustServerCertificate=true. In my experience SQL has been finicky about this - SSMS in particular seems to match against common name only, but JDBC honors subjectAltNames. And I think I had issues with case sensitivity too. (SQL 2012)
-G