Certificates expired - Can't restore after creating new certificate

  • The previous DBA created a certificate which expired 12/31/2025.

    I came in hoping to have an easy day for New Year's Eve and found all of the backups were failing.  After doing the research, I found the certificate had expired.

    1.  I created a new certificate since I couldn't update the expiry date.

    2.  I backed up the certificate .cer and .pvk to the local D drive.

    3.  I changed the backup script to use the new certificate.

    4.  Yay, backups worked.

    Now, I have a prod to QA refresh.  That is failing.

    1.  I created the same certificate on the QA boxes.
    2.  Backed up the .cer and .pvk on those boxes as well.
    3.  But when I run the restores, I am getting an error message.

    Cannot find server certificate with thumbprint (a certificate number I don't even recognize and is not showing in Master->certificates).

    RESTORE HEADERONLY is terminating abnormally. (Microsoft SQL Server, Error: 33111)

    If the backup job is using the new certificate to back up the prod database and I've created the same certificate on the QA box, why is my restore failing?!

    Any thoughts would be appreciated.

     

    Thanks.

    Things will work out.  Get back up, change some parameters and recode.

  • The problem is that the thumbprint of the certificates is different, because the certificates are different.

    Easy fix: you need to take the backup of the certificate you created on Prod and restore that certificate to the QA server.

    If you query your Prod server (select [name], [thumbprint] from sys.certificates) and compare the thumbprints between QA and Prod, that's what's not matching (not sure where to find that in the GUI).

  • The mistake you made was creating a new certificate on the QA server; as mentioned, you should create the certificate on the QA server from the backup certificate on the Prod server.

    Also, I hope you have a backup of the original certificate; otherwise, backups created with it cannot be restored. I normally create a certificate, from the backup of the original certificate, named something like OldCertName.
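
The fix described in the replies above, written out as T-SQL. This is an added example, not code posted by anyone in the thread; the certificate name, database name, file paths and password are placeholders (assumptions).

```sql
-- Placeholders (assumptions): BackupCert_New, YourDatabase, D:\CertBackup, D:\Backups, the password.

-- 1. On PROD: thumbprint and expiry of the certificate the backup job now uses.
USE master;
SELECT [name], [thumbprint], [expiry_date], [pvt_key_encryption_type_desc]
FROM sys.certificates
WHERE [name] = N'BackupCert_New';

-- 2. On PROD: the thumbprint each recent backup was actually encrypted with.
--    Backups taken before the switch carry the old certificate's thumbprint,
--    so that certificate (with its private key) is still needed to restore them.
SELECT TOP (10) bs.database_name, bs.backup_finish_date,
       bs.key_algorithm, bs.encryptor_type, bs.encryptor_thumbprint
FROM msdb.dbo.backupset AS bs
WHERE bs.database_name = N'YourDatabase'
ORDER BY bs.backup_finish_date DESC;

-- 3. On PROD: export the certificate together with its private key.
BACKUP CERTIFICATE BackupCert_New
TO FILE = N'D:\CertBackup\BackupCert_New.cer'
WITH PRIVATE KEY (
    FILE = N'D:\CertBackup\BackupCert_New.pvk',
    ENCRYPTION BY PASSWORD = N'<strong password placeholder>'
);

-- 4. On QA: remove the certificate that was created independently under the
--    same name (only if nothing on QA was encrypted with it), then import
--    PROD's certificate from the copied files. With no ENCRYPTION BY PASSWORD
--    clause on the certificate itself, a database master key must exist in master.
USE master;
DROP CERTIFICATE BackupCert_New;

CREATE CERTIFICATE BackupCert_New
FROM FILE = N'D:\CertBackup\BackupCert_New.cer'
WITH PRIVATE KEY (
    FILE = N'D:\CertBackup\BackupCert_New.pvk',
    DECRYPTION BY PASSWORD = N'<strong password placeholder>'
);

-- 5. On QA: this thumbprint must now equal the value from steps 1 and 2.
SELECT [name], [thumbprint]
FROM sys.certificates
WHERE [name] = N'BackupCert_New';

-- 6. On QA: error 33111 should no longer be raised for backups made with this certificate.
RESTORE HEADERONLY FROM DISK = N'D:\Backups\YourDatabase.bak';
```

The .pvk file and its password together are equivalent to the backup encryption key, so keep them in access-controlled storage and remove the copies used for transfer once the import succeeds.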

     
