Can you create a certificate from its thumbprint?

Question

its more of a concern than a problem. Here it goes;

I am trying to restore a TDE enabled SQL Server backup on a separate server. While restoring I got an error this error

Cannot find server certificate with thumbprint 0x210E6D33163FE11CSOMETHUMBPRINTIDONTWANTTOREVEAL

My concern : Is it a potential risk ? Can someone reverse engineer and create the certificate from its thumbprint?

score 3 · Answer 1 · answered Jan 20 '16 at 07:00

3

No. Thumbprint is a one way function. There is no way to create real certificate from thumbprint.

answered Jan 20 '16 at 07:00

Atilla Ozgur

14,339
3
49
69

score -1 · Answer 2 · answered Jan 20 '16 at 07:01

-1

Backup the certificate with master key on the Primary Server

BACKUP CERTIFICATE  [EncryptionCertificate] 
TO FILE = 'Certificate File path'
WITH PRIVATE KEY (FILE = 'Master Key File path.dat', ENCRYPTION BY PASSWORD = 'password')

Restore the certificate with master key password on the Secondary Server

CREATE CERTIFICATE [EncryptionCertificate]
FROM FILE='Certificate File path'
WITH PRIVATE KEY ( FILE =  'Master Key File path.dat' , DECRYPTION BY PASSWORD = 'password')

This will resolve the issue and can restore the database with out any errors.

answered Jan 20 '16 at 07:01

yuvi

564
5
12

Thanks Raja but I am not looking for a solution. More of a concern than a problem. I know how to restore the certificate and then restore the database. – Pradip Jan 20 '16 at 07:05
Downvote. Consider the situation when you dont have the certificate, but you want to create a fake certificate with the same thumbprint – Long Do Thanh Jan 08 '22 at 22:19

Can you create a certificate from its thumbprint?

2 Answers2