- Download and install the following tool:
Microsoft PVKConverter for SQL Server
- Run the following command at a command prompt:This step processes a PFX certificate file in order to generate the following PVK/DER certificate pairs:
PVKConverter.exe -i <PFX format file> -o <PVK/DER format file> -d <Decryption password> -e <Encryption password>
- <PVK/DER format file>_1.cer
- <PVK/DER format file>_2.cer and <PVK/DER format file>_2.pvk
- Use SQL Query Analyzer to run the following Transact-SQL script:Note The "Encryption password" placeholder represents the password that is provided through the -e option of PVKConverter.exe.
CREATE CERTIFICATE >Certificate name>
FROM FILE = '<PVK/DER format file>.cer'
WITH PRIVATE KEY (FILE = '<PVK/DER format file>.pvk',
DECRYPTION BY PASSWORD = '<Encryption password>');
Windows Certificate Manager supports the export to PFX format only of existing certificates that contain private key information in Windows 2008. Windows 2008 has discontinued support for exporting to PVK/DER format. On the other hand, SQL Server does not support the importing of PFX encoded certificates. Therefore, there is currently an interoperability issue between Windows Certificate Manager and SQL Server.
Note If the serial number of your certificate is greater than 16 bytes, see the following article for your version of SQL Server.
For Microsoft SQL Server 2014 Service Pack 1Go to the following Microsoft Knowledge Base article:
For other versions of SQL ServerGo to the following CSS SQL Server Engineers Blog article:
Article ID: 2914662 - Last Review: Aug 31, 2015 - Revision: 1