Creating certificates

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2005 » SQL Server 2005 Security » Creating certificates

Creating certificates

Rate Topic

Display Mode

Topic Options

Author

Message

francis.lawn

Posted Wednesday, December 09, 2009 2:57 AM

Forum Newbie

Group: General Forum Members
Last Login: Wednesday, December 23, 2009 5:39 AM
Points: 4, Visits: 10

I am trying to do the following:-
Create a certificate
Backup a certificate to a file
send the file to a third party
Have them create a certificate from it.

I get the following error:-
Msg 15468, Level 16, State 1, Line 1
An error occurred during the generation of the certificate.

When I do this on different servers within our domain it works fine. I can encrypt data and not decrypt. But where i created the certificate I can do both. As soon as I try to do it on an outside server it fails.

Any ideas?

thanks

Post #831237

Jack Corbett

Posted Wednesday, December 09, 2009 7:03 AM

SSChampion

Group: General Forum Members
Last Login: 2 days ago @ 12:22 PM
Points: 10,571, Visits: 11,871

Can you post the code you are using?

Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2

Post #831373

francis.lawn

Posted Wednesday, December 09, 2009 8:15 AM

Forum Newbie

Group: General Forum Members
Last Login: Wednesday, December 23, 2009 5:39 AM
Points: 4, Visits: 10

on my server:

CREATE CERTIFICATE Test2009
ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y'
WITH SUBJECT = 'Protect North West',
EXPIRY_DATE = '01/01/2010';

BACKUP CERTIFICATE Test2009 TO FILE = 'Test2009.txt'

on third party server
CREATE CERTIFICATE Test2009
FROM FILE = 'Test2009.txt' --using full path

this last piece of code errors on third party server but works on a different server within my domian

Post #831442

Jack Corbett

Posted Wednesday, December 09, 2009 8:25 AM

SSChampion

Group: General Forum Members
Last Login: 2 days ago @ 12:22 PM
Points: 10,571, Visits: 11,871

I believe you need to use a private key file to migrate the certificate that way. Here's a blog post I wrote about using certificates to sign stored procedures where I found that moving a certificate from one database to another user database required a private key file be created when backing up and restoring to the new database. Here's the basic syntax:

/*
Create the Certificate
*/    
CREATE CERTIFICATE cert_access_other_db 
ENCRYPTION BY PASSWORD = 'c3rtPa$$word'
WITH subject = 'Access Other DB'   
GO 

/* 
Backup the certificate being sure to use a Private Key
*/
BACKUP CERTIFICATE cert_access_other_db TO FILE = 'C:\Certificates\cert_access_other_db.cer'
WITH PRIVATE KEY (FILE = 'C:\Certificates\cert_access_other_db.pvk' ,
ENCRYPTION BY PASSWORD = '3ncRyptKeyPa$$word',
DECRYPTION BY PASSWORD = 'c3rtPa$$word');
GO

/*
Create the certificate in the new database from the file
*/
CREATE CERTIFICATE cert_access_other_db FROM FILE = 'C:\Certificates\cert_access_other_db.cer'
WITH PRIVATE KEY (FILE = 'C:\Certificates\cert_access_other_db.pvk',
/*The password used to create the private key*/
DECRYPTION BY PASSWORD = '3ncRyptKeyPa$$word', 
ENCRYPTION BY PASSWORD = 'D3cryptKeyPa$$word');
GO

Post #831455

francis.lawn

Posted Wednesday, December 09, 2009 8:31 AM

Forum Newbie

Group: General Forum Members
Last Login: Wednesday, December 23, 2009 5:39 AM
Points: 4, Visits: 10

Thankls a lot for that Jack. I will let you know how I get on.

Post #831467

francis.lawn

Posted Thursday, December 10, 2009 9:15 AM

Forum Newbie

Group: General Forum Members
Last Login: Wednesday, December 23, 2009 5:39 AM
Points: 4, Visits: 10

I still get the same error on the third party's server

Post #832325

Jack Corbett

Posted Thursday, December 10, 2009 11:01 AM

SSChampion

Group: General Forum Members
Last Login: 2 days ago @ 12:22 PM
Points: 10,571, Visits: 11,871

Unfortunately that's all the help I can offer at this point. May be able to try it out later though.

Post #832435

« Prev Topic | Next Topic »

Permissions