In Real Time Master key is linked with other Certificates. since I am doing in my lab environment as part of cleanup of TDE. if it is linked with other certificates, then it's not recommended that's why I told its optional.
TDE still work with expired certificate however it is not recommended You can drop the old and recreate the certificate so that the certificate date will increase. However will do the same practical on this kind once time permits. Thanks for bringing the scenarios to our Notice. MS SQL DBA Tech Support Team
Hello Mahi, Thanks for reaching to us. Its all about your requirement. Creating TDE cert for each database is very complex and it increase DB administrator work. I always prefer to maintain at one. Talk to your team and discuss the pros and cons and come to one discussion and implement the same in test environment and finally apply to the prod. Thanks MS SQL DBA Tech Support
Everything You must be a high privileged user (such as a system administrator) to create a database encryption key and encrypt a database. Reference Link: learn.microsoft.com/en-us/sql/relational-databases/security/encryption/enable-tde-on-sql-server-using-ekm?view=sql-server-ver16 Thanks MS SQL DBA Tech Support.
Getting error while trying to create certificate from existing ceritification in another instance.. Kindly help me to resolve this issue "The certificate, assymetric key or private key file is not valid or doesn't exist ; or you do not have permissions for it"
Meanwhile if possible what u are try to do and have u done POC before implementing this. Is this prod or test instance. is the database is in HA before doing anything we need to consider many things to do troubleshoot.at the user end they should not face any issues.
Thank you for the prompt response. I'm working on local SQL Server setup in my machine. Gave permissions to the path from where the master key & certificate are getting used and it worked.
No, Transparent Data Encryption (TDE) is not supported in the Standard Edition of SQL Server. TDE is an enterprise feature and is only available in the Enterprise Edition of SQL Server.
The files are uploaded in mediafire website I am able to download as a individual. This doesn't require any vpn. please try to open in any device or browser Thank you Tech Support
Hi ,I try to restore certificate and private key follow command: USE master; CREATE CERTIFICATE QLDA_Cert FROM FILE = 'E:\Test\MyTDECert.cer' WITH PRIVATE KEY ( FILE = 'E:\Test\MyTDECert_PrivateKeyFile.pvk', DECRYPTION BY PASSWORD = 'P@ssWord123' ); the current SQL instance doesn’t have access to the file path I have placed the files in. Can you help me, please! Thanks!
Seems like your SQL server instance service account isnt having sufficient Permissions on E:\Test\ folder. Provide sufficient permissions or change to other folder where yr instance is having sufficient permissions
Hi, great video, thanks. Just one question. Can you explain why the step 4 to remove the TDE was optional?
In Real Time Master key is linked with other Certificates.
since I am doing in my lab environment as part of cleanup of TDE. if it is linked with other certificates, then it's not recommended that's why I told its optional.
Thanks for sharing your knowledge on TDE bro
My pleasure and so nice of you , Keep Visiting
Great demo
The "Oh shitt" moment got me lol @9:20
Thanks... i watch it again because of your comments
For rollback you are running three scripts in primary replica. If we need to rollback for secondary same queries we need to execute on secondary?
Yes.
Nice video! I have a question. What I need to do when the certificate expires?
TDE still work with expired certificate however it is not recommended
You can drop the old and recreate the certificate so that the certificate date will increase. However will do the same practical on this kind once time permits.
Thanks for bringing the scenarios to our Notice.
MS SQL DBA Tech Support Team
Hi Sir, we need to create a each TDE certifate for each db (or) one TDE for all databases in sql server ??
Hello Mahi,
Thanks for reaching to us.
Its all about your requirement. Creating TDE cert for each database is very complex and it increase DB administrator work. I always prefer to maintain at one. Talk to your team and discuss the pros and cons and come to one discussion and implement the same in test environment and finally apply to the prod.
Thanks
MS SQL DBA Tech Support
Hi , I must say it's an good video btw Which exact permissions are required on login to configure tde
Everything
You must be a high privileged user (such as a system administrator) to create a database encryption key and encrypt a database.
Reference Link:
learn.microsoft.com/en-us/sql/relational-databases/security/encryption/enable-tde-on-sql-server-using-ekm?view=sql-server-ver16
Thanks
MS SQL DBA Tech Support.
Getting error while trying to create certificate from existing ceritification in another instance.. Kindly help me to resolve this issue
"The certificate, assymetric key or private key file is not valid or doesn't exist ; or you do not have permissions for it"
Check the path location is right or not
try to use new path and check permissions is having to u and instance service account as well.
Meanwhile if possible what u are try to do and have u done POC before implementing this. Is this prod or test instance. is the database is in HA
before doing anything we need to consider many things to do troubleshoot.at the user end they should not face any issues.
Thank you for the prompt response. I'm working on local SQL Server setup in my machine. Gave permissions to the path from where the master key & certificate are getting used and it worked.
Its good to hear
@@MSSQLDBATechSupport But is there a way to renew the default 1 year expiry date of the master certificate?
Awesome Harsha ✌️
Thank you
Well explained
Thanks & Welcome!
Does this tde works for standard edition 2019 ?
No, Transparent Data Encryption (TDE) is not supported in the Standard Edition of SQL Server. TDE is an enterprise feature and is only available in the Enterprise Edition of SQL Server.
Thank You Bro
Welcome
Thank you!
You're welcome!
Thank you
You're welcome
Given links are not opening, we need to use VPN?
The files are uploaded in mediafire website
I am able to download as a individual.
This doesn't require any vpn. please try to open in any device or browser
Thank you
Tech Support
Hi ,I try to restore certificate and private key follow command:
USE master;
CREATE CERTIFICATE QLDA_Cert
FROM FILE = 'E:\Test\MyTDECert.cer'
WITH PRIVATE KEY
(
FILE = 'E:\Test\MyTDECert_PrivateKeyFile.pvk',
DECRYPTION BY PASSWORD = 'P@ssWord123'
);
the current SQL instance doesn’t have access to the file path I have placed the files in.
Can you help me, please!
Thanks!
Seems like your SQL server instance service account isnt having sufficient Permissions on E:\Test\ folder.
Provide sufficient permissions or change to other folder where yr instance is having sufficient permissions
thank you sir..please share your number
Don't have dedicated number for this channel