Implementing TDE with external certificates issued by enterprise certificate authority

  • Hello All,

    Thank you for looking at my question and thank you for your service to the SQL Server community.

    I am currently working on a project to implement TDE in my SQL Server 2017 enterprise environment. I have found many articles that have described and provided step-by-step implementation methods using the database master key stored in the master database and a certificate that protects the master key.

    However, my boss does not want to store the key in the database server and wants to use the enterprise certificate authority to provide me with the certificates. I would have to use these certificates to implement TDE in my environment.

    Though it sounds like a very interesting topic to learn, I am also nervous that if something goes wrong, the entire environment will be down.

    I want to reach out to the community to see if someone has done it already and if so, are there any useful links or documentation that I can go through.

    Questions:
    What are the requirements for the certificates?
    Should I ask for the private key and the certificate?
    Are there any step-by-step implementation guides for this topic?

    Please help..!!!

    I found this one:
    https://blogs.msdn.microsoft.com/sql_pfe_blog/2014/02/04/generating-a-trusted-tde-certificate-in-the-proper-format-from-a-certificate-authority/

  • The link you've found pretty much covers everything you need to know.

    In summary, when importing a certificate in SQL Server from a certificate authority be sure that the certificate is encoded in DER format. Otherwise the certificate will have to be converted to DER using third party tools like OpenSSL, or a DER version of the certificate will have to be requested from the Certificate Authority.

    Other than that, configuring TDE with a certificate from an external provider is the same as using a SQL Server-generated certificate. Basically, if you are able to import the certificate to SQL Server, then you should be able to use it for TDE.
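    As an added illustration of the import-then-use flow described in this reply (example T-SQL, not from the original thread or the linked blog), the script below imports a CA-issued, DER-encoded certificate with its private key file and then enables TDE. The certificate name, file paths, database name and passwords are placeholders; the DMK step is included because SQL Server requires the TDE certificate's private key to be protected by the master database's DMK, not by a password.

    ```sql
    -- All names, paths and passwords below are placeholders for this example.
    USE master;
    GO
    -- TDE can only use a certificate whose private key is encrypted by the DMK in master,
    -- so a DMK is still needed even though the certificate itself comes from the CA.
    IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
        CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-DMK-password-placeholder>';
    GO
    -- Import the DER-encoded certificate (.cer) and its private key file (.pvk).
    -- With no ENCRYPTION BY PASSWORD clause, the imported private key is re-protected
    -- by the DMK, which is the state TDE requires.
    CREATE CERTIFICATE TDE_CA_Cert
        FROM FILE = 'C:\TDE\tde_cert.cer'
        WITH PRIVATE KEY (
            FILE = 'C:\TDE\tde_cert.pvk',
            DECRYPTION BY PASSWORD = '<pvk-password-placeholder>');
    GO
    -- Check before going further: pvt_key_encryption_type must be 'MK' (master key)
    -- and the certificate must be within its validity period.
    SELECT name, pvt_key_encryption_type, subject, start_date, expiry_date
    FROM sys.certificates
    WHERE name = 'TDE_CA_Cert';
    GO
    -- Back up the certificate and private key before encrypting anything; a TDE
    -- database cannot be restored on another instance without this material.
    BACKUP CERTIFICATE TDE_CA_Cert
        TO FILE = 'C:\TDE\backup\tde_cert.cer'
        WITH PRIVATE KEY (
            FILE = 'C:\TDE\backup\tde_cert.pvk',
            ENCRYPTION BY PASSWORD = '<backup-password-placeholder>');
    GO
    USE YourDatabase;
    GO
    CREATE DATABASE ENCRYPTION KEY
        WITH ALGORITHM = AES_256
        ENCRYPTION BY SERVER CERTIFICATE TDE_CA_Cert;
    GO
    ALTER DATABASE YourDatabase SET ENCRYPTION ON;
    GO
    -- Monitor progress: encryption_state 2 = encryption in progress, 3 = encrypted.
    SELECT DB_NAME(database_id) AS database_name,
           encryption_state, percent_complete, encryptor_thumbprint
    FROM sys.dm_database_encryption_keys;
    ```

    If the certificate file was supplied as Base64/PEM rather than DER, `CREATE CERTIFICATE ... FROM FILE` fails, which is the conversion case the reply above refers to.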

  • Thank you so much Handy D. 

    I will post more updates as I make progress on this project.

    Thanks
