April 4, 2016 at 8:20 am
I have 2 DBs and servers that will implement TDE. This has not yet been implemented. 2 separate servers and DBs. We have a process where once per year we restore the DB from server 2, onto server 1 so that the data can be read by a process on server 1.
If server 1 and 2 use different certs and passwords, how can I restore the DB backup? Can server 1 hold both certs?
I didn't find a clear answer or approach explained in the documentation.
Thanks
ST
April 4, 2016 at 8:27 am
To restore a DB that's been encrypted, the server must have the certificate that was used to encrypt that database. You can't decrypt with any old certificate, if you could, there wouldn't be much point.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
April 4, 2016 at 9:05 am
thanks, I understand that. I'm asking if server 1 can contain 2 separate certificates. The original one for server 1 as well as the server 2 certificate. I assume the answer is yes and that you would follow the same import cert steps. My assumption is based on the fact that the encryption is at the DB level, not at the server or instance level.
Is this correct?
April 4, 2016 at 9:13 am
I'm asking if server 1 can contain 2 separate certificates.
Well. sure. There's a limit of just over 2 billion (certificate ID in the system table is an int). Not sure if that's shared with any other objects (eg whether it's a generic object_id), but I doubt that matters
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
April 4, 2016 at 11:05 am
Great. Thanks.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply