I have a requirement to use a CA signed certificate to encrypt the symmetric keys used for TDE. I first followed the instructions found on an MSDN blog that I am unable to link at the moment.
This has me generate a private key and use it to create a certificate request. I have tried many different Certificate Templates to issue a certificate with an exportable private key, but none work with the request generated by openssl. I have tried to combine the issued cert (converted to PEM) with the originally generated private key. This creates a pfx file that I can use with PVKConverter to generate a .cer/.pvk pair (as I understand it, SQL requires a DER format certificate and a PVK format private key). However, when I attempt a CREATE CERTIFICATE FROM FILE in SQL I get "The certificate, asymmetric key, or private key file is not valid or does not exist; or you do not have permissions for it."
I have created a custom certificate request using the certificates snap-in and successfully issued a certificate with an exportable private key in pfx format. Using PVKConverter to split the pfx into a .cer/.pvk pair, SQL throws "The certificate, asymmetric key, or private key data is invalid".
Permissions should not be an issue as I have granted permissions on the certificate files to the SQL service account and my own account. I have also granted full permissions to the private key within the pfx certificates to the same accounts. These were simple troubleshooting measures to see if permissions were the problem.
SQL used to create certificate:
CREATE CERTIFICATE Server_Cert
FROM FILE = 'E:\Certificate\certname_db.cer'
WITH PRIVATE KEY (FILE='E:\Certificate\certname_db.pvk', DECRYPTION BY PASSWORD = 'decryption password');
SQL Server 2012
Windows Server 2012R2
Needless to say I am not a SQL expert, nor am I an expert with certificate authorities or openssl. I have not been able to find any documentation other than the link above that concerns this issue. I would like to know how to CREATE CERTIFICATE FROM FILE using a CA signed certificate. Any help would be greatly appreciated.
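The post depends on two file properties: a DER-encoded .cer and a PVK-format .pvk. The sketch below checks both on raw file bytes before they are passed to CREATE CERTIFICATE. It is an added example, not part of the original post or of any Microsoft tooling; the function names and sample bytes are constructed, and the header layout assumed is the commonly documented PVK format (24-byte little-endian header, magic 0xB0B5F11E).

```python
import struct

PVK_MAGIC = 0xB0B5F11E          # first DWORD of a PVK file
KEY_TYPES = {1: "AT_KEYEXCHANGE", 2: "AT_SIGNATURE"}

def cert_encoding(data: bytes) -> str:
    """Classify certificate bytes as 'PEM', 'DER' or 'unknown'."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return "PEM"
    if len(data) < 2 or data[0] != 0x30:      # DER cert is an ASN.1 SEQUENCE
        return "unknown"
    if data[1] < 0x80:                        # short-form length
        total = 2 + data[1]
    else:                                     # long form: next n bytes hold the length
        n = data[1] & 0x7F
        total = 2 + n + int.from_bytes(data[2:2 + n], "big")
    # A clean DER file is exactly one SEQUENCE with no trailing bytes.
    return "DER" if total == len(data) else "unknown"

def pvk_header(data: bytes) -> dict:
    """Parse the 24-byte PVK header and sanity-check the key blob behind it."""
    if len(data) < 24:
        raise ValueError("shorter than a PVK header")
    magic, _reserved, keytype, encrypted, saltlen, keylen = struct.unpack_from("<6I", data)
    if magic != PVK_MAGIC:
        raise ValueError(f"magic is 0x{magic:08X}, expected 0x{PVK_MAGIC:08X}")
    if len(data) < 24 + saltlen + keylen:
        raise ValueError("file is truncated relative to saltlen + keylen")
    blob = data[24 + saltlen:]
    # The 8-byte BLOBHEADER stays in clear text even when the key is encrypted;
    # its first byte is 0x07 (PRIVATEKEYBLOB).
    if keylen < 8 or blob[0] != 0x07:
        raise ValueError("key blob is not a PRIVATEKEYBLOB")
    return {"key_type": KEY_TYPES.get(keytype, keytype),
            "encrypted": bool(encrypted), "salt_len": saltlen, "key_len": keylen}

# Constructed sample inputs (placeholder bytes, not real key material).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n"
SAMPLE_PVK = (struct.pack("<6I", PVK_MAGIC, 0, 1, 1, 16, 40) + bytes(16)
              + bytes.fromhex("0702000000a40000") + bytes(32))

if __name__ == "__main__":
    print(cert_encoding(SAMPLE_DER), cert_encoding(SAMPLE_PEM))
    print(pvk_header(SAMPLE_PVK))
```

Against real files, read each with `open(path, "rb").read()` and pass the bytes in; a .cer reported as PEM, or a .pvk that raises on the magic check, points to a conversion problem rather than a permissions problem.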