So I'm going through various documents and it seems like I should be creating, for obvious reasons, a master key for 'master' database and also a certificate that signs the symmetric key.

However, the symmetric key must be created for the intended database (i.e. USE testdb but USE master for the master key and certificate creation).

I just don't understand how the users and roles work in SQL Server, and they get to be set in the context of New Query window in SSMS. When I execute SELECT CURRENT_USER, some times it is 'guest' user and other times 'dbo'.

I'm connecting to the database via 'sa'. How do I go about to grant permission to an appropriate user, whichever it is (or perhaps I should create one!), to be able to execute certificate creation for my database, i.e. testdb?

This is getting really frusturating.