• Isn't part of the problem really a single point of failure? If the database certificate becomes corrupted or lost you are SOL.

    Can the live database be encrypted using one certificate while backups of the database are encrypted using another certificate, or even another encryption technology (e.g., a PGP-encrypted hard drive)? That way, if the database certificate is lost, you have access to the backups using a different certificate, and if the backup encryption key/certificate is lost, you still have the live database.