0

I am facing an error while restoring the certificate for TDE encryption in SQL Server 2008 R2. I am using the same certificate which is configured for SSL. Following are the steps which I have taken:

  1. First of all, convert the .crt file to .cer.
  2. After that, I converted the private key (.key) file to .pvk using the OpenSSL command:

         openssl rsa -in private.key -outform PVK -pvk-strong -out private.pvk

  3. Now I am trying to create the certificate by using the following query:

    CREATE CERTIFICATE TDE_Cert1
        FROM FILE = '[Path to .cer file]'
        WITH PRIVATE KEY (
            FILE = '[Path to .pvk file]',
            DECRYPTION BY PASSWORD = '[Password used to encrypt .pvk file]'
        );

But I am getting the following error:

    Msg 15208, Level 16, State 1, Line 1
    The certificate, asymmetric key, or private key file does not exist or has invalid format.

Please suggest if I am doing anything wrong in the above process.

vMittal

1 Answer

1

By digging into more details of this issue I found that the certificate was not restoring because of the size of private key.

The private key which I used for the SSL certificate was of 4096 bits in length. But as per SQL Server documentation for TDE certificates, the private key should not be more than 3456 bits.

The following is the link to the SQL Server documentation for reference:

https://learn.microsoft.com/en-us/sql/t-sql/statements/create-certificate-transact-sql?view=sql-server-2017 (Check the Remarks section)

Listed below is the command to check the length of your private key (you need the openssl utility for this):

    openssl rsa -text -noout -in private.key

Maybe this information shall be helpful for somebody who is facing the same issue.

TT.
vMittal
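
A pre-flight check for the key-size limit described in the answer above, as an added example that is not part of the original post: it reads the modulus length from an unencrypted PEM RSA private key (the same figure `openssl rsa -text -noout` reports) and compares it with the 3456-bit limit the answer cites. All function names are assumptions made for illustration, and the sample key is a constructed, non-functional blob containing only the version and modulus fields.

```python
import base64

TDE_MAX_KEY_BITS = 3456  # limit cited in the answer above (CREATE CERTIFICATE remarks)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def rsa_modulus_bits(pem_text):
    """Modulus size in bits of an unencrypted PEM RSA key (PKCS#1 or PKCS#8)."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if "ENCRYPTED" in lines[0] or any(ln.startswith("Proc-Type:") for ln in lines):
        raise ValueError("key is encrypted; decrypt it before checking")
    der = base64.b64decode("".join(ln for ln in lines if not ln.startswith("-----")))
    tag, pos, _ = read_tlv(der, 0)            # outer SEQUENCE
    _, _, end = read_tlv(der, pos)            # version INTEGER
    if lines[0] == "-----BEGIN PRIVATE KEY-----":
        _, _, end = read_tlv(der, end)        # PKCS#8 AlgorithmIdentifier
        _, start, _ = read_tlv(der, end)      # OCTET STRING wrapping the PKCS#1 key
        _, pos, _ = read_tlv(der, start)      # inner RSAPrivateKey SEQUENCE
        _, _, end = read_tlv(der, pos)        # inner version INTEGER
    mod_tag, start, end = read_tlv(der, end)  # modulus INTEGER
    if tag != 0x30 or mod_tag != 0x02:
        raise ValueError("not an RSA private key structure")
    return int.from_bytes(der[start:end], "big").bit_length()

def check_for_tde(pem_text, limit=TDE_MAX_KEY_BITS):
    """Return (bits, ok); ok is False when the key is larger than the limit."""
    bits = rsa_modulus_bits(pem_text)
    return bits, bits <= limit

def der_element(tag, body):
    """Encode one DER element; used only to build the constructed sample."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_pkcs1_pem(bits):
    """Constructed, non-functional key blob: version and modulus fields only."""
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    key = der_element(0x30, der_element(0x02, b"\x00") + der_element(0x02, modulus))
    b64 = base64.b64encode(key).decode()
    return f"-----BEGIN RSA PRIVATE KEY-----\n{b64}\n-----END RSA PRIVATE KEY-----\n"
```

Calling `check_for_tde(sample_pkcs1_pem(4096))` returns `(4096, False)`, which is the situation the answer describes; run the check on the real `private.key` before converting it to PVK.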