FIX: TDE certificate creation fails in SQL Server 2014 SP1 if the serial number is greater than 16 bytes


You create a certificate for Transparent Data Encryption (TDE) in Microsoft SQL Server 2014 Service Pack 1 (SP1). However, if you use a certificate whose serial number is greater than 16 bytes, you receive the following error message:

Msg 15297, Level 16, State 56, Line 1

The certificate, asymmetric key, or private key data is invalid.


This problem was first fixed in the following cumulative update for SQL Server:

Note: After you install this update, you can create the certificate even if the serial number is greater than 16 bytes, and you no longer receive the error message that's mentioned in the "Symptoms" section. However, the serial number is truncated to 16 bytes when it's saved into the cert_serial_number column in the sys.certificates catalog view. The truncation occurs only in the catalog view. This means that the certificate itself still preserves the original length of the serial number.
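A pre-import check for the 16-byte limit described above, as an added example that is not Microsoft's code: it reads the serialNumber field from a DER-encoded certificate and reports whether the full value will fit in cert_serial_number. The function names and the sample inputs are constructed for illustration, and it assumes that a leading 0x00 sign byte in the DER INTEGER does not count toward the limit.

```python
LIMIT = 16  # bytes held by cert_serial_number, per this article


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length


def serial_bytes(der):
    """Return the certificate serial number bytes, sign padding removed."""
    pos = 0
    for name in ("Certificate", "tbsCertificate"):  # two nested SEQUENCEs
        tag, pos, _ = read_tlv(der, pos)
        if tag != 0x30:
            raise ValueError(name + " SEQUENCE not found")
    tag, start, end = read_tlv(der, pos)
    if tag == 0xA0:  # optional explicit [0] version field comes first
        tag, start, end = read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    serial = der[start:end]
    # Assumption: the 0x00 sign-padding byte is not part of the counted serial
    if len(serial) > 1 and serial[0] == 0x00:
        serial = serial[1:]
    return serial


def exceeds_catalog_limit(der):
    """True when the catalog view cannot hold the whole serial number."""
    return len(serial_bytes(der)) > LIMIT


def make_stub(serial):
    """Constructed sample: DER prefix of a v3 certificate, up to the serial."""
    tbs = bytes([0xA0, 3, 0x02, 1, 2, 0x02, len(serial)]) + serial
    return bytes([0x30, len(tbs) + 2, 0x30, len(tbs)]) + tbs

# Constructed samples: a 20-byte serial and an 8-byte serial
LONG, SHORT = make_stub(bytes(range(1, 21))), make_stub(bytes(range(1, 9)))
```

For a real certificate, pass the bytes of the DER-encoded .cer file to `exceeds_catalog_limit`. When it returns True, identify the certificate by the thumbprint column of sys.certificates rather than by cert_serial_number.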
About cumulative updates for SQL Server


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology Microsoft uses to describe software updates.

Article ID: 3082513 - Last Review: Aug 17, 2015 - Revision: 1