Skip to content

Backing up a Certificate

February 27, 2012

If you create your own certificate in SQL Server, you need to make sure that you back it up immediately. Once you start to encrypt anything with a certificate, you increase the risk that you’ll lose your data if an catastrophic event occurs. In this case, if you lose the certificate, you can’t access the data.

I talked about creating a certificate in another post, and there is corresponding DDL for backing up a certificate. BACKUP CERTIFICATE is the command you want to use, and it works like most of the other backup commands.

Let’s assume I have the certificate named MySalaryCert from the previous post. To create the backup of this certificate, I’d issue:

BACKUP CERTIFICATE MySalaryCert
 TO FILE = N'c:\SQLBackup\MySalaryCert.cer'
 WITH PRIVATE KEY
  ( FILE = N'c:\SQLBackup\MySalaryCert.pvk'
  , ENCRYPTION BY PASSWORD = N'AReallyStr0ngK#y4You'
  , DECRYPTION BY PASSWORD = N'R3allyToughP@ssword4You'
  )
;

This will generate two files for me in c:\sqlbackup as shown below.

backupcert1

The certificate was created with a password, so the backup must include the DECRYPTION BY option with that password. The password you use for the backup can be different, as shown, but you need to be sure that you manage this password properly. You will need it to restore the certificate, which I’ll show you next time.

From → Blog

One Comment

Trackbacks & Pingbacks

  1. The Encryption Primer « Voice of the DBA

Comments are closed.

Follow

Get every new post delivered to your Inbox.

Join 4,909 other followers

%d bloggers like this: