June 20, 2016 at 12:50 pm
Ugh please help. Trying to register a DoD certificate to the database so I can use a certificate for the database master key instead of password.
I have the certificate file and I have the private key file (which is a pfx format) and I keep getting the same darned error:
Msg 15208, Level 16, State 1, Line 1
The certificate, asymmetric key, or private key file does not exist or has invalid format.
This is the SQL I'm using:
CREATE CERTIFICATE SQLDBEncr
FROM FILE = 'c:\stigs\SQLDatabaseEncryption.army.mil.cer'
WITH PRIVATE KEY (FILE = 'c:\stigs\SQLDatabaseEncryption.army.mil.pfx',
DECRYPTION BY PASSWORD = 'xxxx');
GO
I'm doing this all on my local machine with nothing going across the network. SQL service is starting up with my domain account login.
Thanks!
June 21, 2016 at 4:36 am
bump - nobody creates certificates from file? 🙁
June 21, 2016 at 5:40 am
So far, no, only certificates I created in SQL...
However, are you sure the key file has a password on it? Came across this over on MSDN: unable-to-import-certficate
They had created a certificate and key file (leaving aside being the wrong format), with no password on the key file. This apparently gave SQL fits, and barfed the same error...
June 21, 2016 at 6:49 am
Yea, it has a password according to the IT guy. I dunno if it's the format it doesn't like or not. BLAH this is really annoying... it's to satisfy a government STIG. 🙂
June 21, 2016 at 7:30 am
amy26 (6/21/2016)
Yea, it has a password according to the IT guy. I dunno if it's the format it doesn't like or not. BLAH this is really annoying... it's to satisfy a government STIG. 🙂
There was another topic (don't have the link, sorry) that I came across looking into this, that indicates that SQL doesn't like certificates that are bigger than 1024 bytes for the key-size, maybe that's it?
As for STIGs, been there, done that, too cheap to get the t-shirt...
😀
/best Jeremy Clarkson from BBC Top Gear voice
Some say, they were created by a thousand monkeys with typewriters...
Some say, they were created by Cthulhu dreaming in R'lyeh to drive IT staff more insane...
All we know is...
THEY'RE CALLED THE STIGs!
:hehe:
June 21, 2016 at 7:39 am
Hehe yea...
I think I may have figured it out. DoD PKI certs are in a pfx format and they need to be in pvk. I was told that Microsoft has a converter I can use to change the format.
June 21, 2016 at 7:52 am
amy26 (6/21/2016)
Hehe yea...I think I may have figured it out. DoD PKI certs are in a pfx format and they need to be in pvk. I was told that Microsoft has a converter I can use to change the format.
Here's hoping!
Let us know if that's the problem (especially as I may be going through this same thing in the near future...)
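The PVK-based import discussed in this thread, as an added example that is not part of any poster's message: it loads the certificate with a PVK private key file, then checks that the private key actually arrived. The `.pvk` and `.pfx` file names and all passwords are placeholders, and it assumes the PFX has already been split into a DER `.cer` and a `.pvk` with an external conversion tool.

```sql
-- Added example. The .pvk/.pfx names and all passwords are constructed placeholders.
-- Both files must be readable by the SQL Server service account.

-- With no ENCRYPTION BY PASSWORD clause, the imported private key is protected
-- by the database master key, so one must exist in the current database.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = N'##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-dmk-password>';
GO

CREATE CERTIFICATE SQLDBEncr
    FROM FILE = 'c:\stigs\SQLDatabaseEncryption.army.mil.cer'
    WITH PRIVATE KEY (
        FILE = 'c:\stigs\example-key.pvk',                     -- PVK file, not PFX
        DECRYPTION BY PASSWORD = '<placeholder-pvk-password>'  -- password set on the .pvk
    );
GO

-- SQL Server 2022 and later can read a PFX directly (use instead of the above):
-- CREATE CERTIFICATE SQLDBEncr
--     FROM FILE = 'c:\stigs\example.pfx'
--     WITH FORMAT = 'PFX',
--     PRIVATE KEY (DECRYPTION BY PASSWORD = '<placeholder-pfx-password>');

-- Confirm the private key was imported, not just the public certificate.
SELECT name,
       pvt_key_encryption_type_desc,  -- NO_PRIVATE_KEY means only the .cer loaded
       subject,
       expiry_date,
       thumbprint
FROM sys.certificates
WHERE name = N'SQLDBEncr';
GO
```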