Rotation of Keys used for Encryption in SSL and other database encryption features

  • Question

  • Dear Experts,

    I want to know how I can renew, or what the alternative is, when the certificates used for SSL or other encryption get expired.

    What is the recommended practice in production? Also, what measures should one take?

    Thanks,

    Devendra


    Devendra Yadav

    Friday, August 16, 2019 9:21 AM

All replies

  • Hi Devendra,

    Steps to renew a SQL Server certificate used for SSL encryption:

    1. Get a certificate which can meet the SQL Server Certificate Requirements.
    2. Add this certificate with Microsoft Management Console.
    3. In SQL Server Configuration Manager, first disable ForceEncryption; then, in the Certificate tab, select the certificate you want to use; after that, enable ForceEncryption again. Based on my test, we will need to restart the database engine after doing this.
    4. Configure the SQL Server clients.

    Please check whether the links below could help you:
    Steps to renew a SQL Server certificate
    Renew a Certificate
    Updating an expired SQL Server TDE certificate

    Best regards,
    Cathy 


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to  MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Monday, August 19, 2019 8:47 AM
  • Hello Cathy,

    So, according to the steps shared, we need to perform those activities once the certificate is expired.

    What happens when the certificate expires? Also, will SQL Server stop receiving connections from clients if the certificate is expired?

    Thanks,

    Devendra


    Devendra Yadav

    Monday, August 19, 2019 9:22 AM
  • Hi Devendra,

    >> What happens when the certificate expires? Also, will SQL Server stop receiving connections from clients if the certificate is expired?

    If your certificate expires, there will be no effect. Certificate expiration is not enforced when the certificate is used for encryption.

    Please refer to What happens after the Certificate in SQL Server gets expired to get more information.

    Best regards,
    Cathy


    Monday, August 19, 2019 9:29 AM
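
Since the last reply says an expired certificate keeps working for encryption, expiry has to be caught by monitoring and not by a failure. The query below is an added example, not part of the original thread: it lists certificates stored in the master database that are expired or close to expiry, together with any TDE-protected database they encrypt. The 60-day threshold is an assumption, and the query does not cover the Windows certificate store certificate used for SSL.

```sql
-- Added example: certificates in master that are expired or expiring soon,
-- and the TDE databases whose encryption key each one protects.
USE master;

DECLARE @warn_days int = 60;  -- assumed warning window, adjust to your policy

SELECT
    c.name                                          AS certificate_name,
    c.subject,
    c.expiry_date,
    DATEDIFF(DAY, GETUTCDATE(), c.expiry_date)      AS days_left,
    CASE
        WHEN c.expiry_date < GETUTCDATE() THEN 'EXPIRED'
        ELSE 'EXPIRING'
    END                                             AS status,
    -- NULL here means the private key has never been backed up,
    -- which matters more for TDE recovery than the expiry date itself.
    c.pvt_key_last_backup_date,
    DB_NAME(dek.database_id)                        AS tde_database,
    dek.encryption_state
FROM sys.certificates AS c
LEFT JOIN sys.dm_database_encryption_keys AS dek
       ON dek.encryptor_thumbprint = c.thumbprint   -- certificate protecting the DEK
WHERE c.name NOT LIKE '##%'                         -- skip system-generated certificates
  AND c.expiry_date < DATEADD(DAY, @warn_days, GETUTCDATE())
ORDER BY c.expiry_date;
```

Rows with a non-NULL `tde_database` are the ones to rotate first; run the same SELECT in a user database to check certificates created there.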