Export a Certificate as a PFX file

Issue: Unable to generate a PFX file from Certificate Manager; in the certificate export wizard the “Personal Information Exchange PFX” option is greyed out. Fix: Use PowerShell to generate the PFX file. The Certificates snap-in really doesn’t like to export PFX certificates, but PowerShell is happy to. You can use the Export-PfxCertificate cmdlet. Go to the certificates pseudo-drive by typing cd cert:\ at...

Create Self Signed SSL Certificate

You can do this via openssl: Install the openssl package (if you are using Windows, download binaries here). Generate a private key: openssl genrsa 2048 > private.pem Generate the self-signed certificate: openssl req -x509 -days 1000 -new -key private.pem -out public.pem If needed, create a PFX: openssl pkcs12 -export -in public.pem -inkey private.pem -out mycert.pfx Note: Use the Windows command prompt. Sources:...

TDE Certificate Expiration and Replacement

A certificate used in TDE will continue to work even after its expiration date. This is because the Database Encryption Key (DEK) in the user database is the key that encrypts the data at rest. The DEK is a symmetric key stored in the user database boot record. The certificate, which is stored in the master...

Restore Database Master Key and Certificate

Database Restore Without Valid Certificate: Restoring a backup file will fail without a valid certificate. Msg 33111, Level 16, State 3, Line 60 Cannot find server certificate with thumbprint ‘0xCC4472D721418B759E36A04034F0C2A95EE68DD6’. Msg 3013, Level 16, State 1, Line 60 RESTORE DATABASE is terminating abnormally. Restore Master Key and Certificate: You also need to restore the Master...

Remove Certificate

Note: You need to remove all databases currently using the certificate before you can drop the certificate. Once the certificate is removed, every restore of an encrypted database will fail. Restore Database without Certificate: Msg 33111, Level 16, State 3, Line 60 Cannot find server certificate with thumbprint ‘0xCC4472D721418B759E36A04034F0C2A95EE68DD6’. Msg 3013, Level 16, State 1, Line 60...

Database Certificate

Note: The certificate is different for different databases. USE the master database for the TDE certificate. If the expiration date is not specified, it defaults to 1 year. Note that there are several certificates listed, including one that looks like it’s for authentication (##MS_SQLAuthenticatorCertificate##). This is where SQL Server stores its certificates, in the master database. Obviously, if you create an...

Database Master Key (DMK)

Note: This is the Database Master Key (DMK). It is not the Service Master Key (SMK). The database master key is a symmetric key used to protect the private keys of certificates and asymmetric keys that are present in the database. When it is created, the master key is encrypted by using the AES_256 algorithm and a user-supplied password. The database master key is stored in both...

Service Master Key (SMK)

Note: This is the Service Master Key (SMK). It is not the same as the Database Master Key (DMK). The service master key is the root of the SQL Server encryption hierarchy. The service master key directly or indirectly secures all other keys in the tree. If a dependent key cannot be decrypted during a forced...