FIX: TDE certificate creation fails in SQL Server 2014 SP1 if the serial number is greater than 16 bytes

Symptoms
You create a certificate for Transparent Data Encryption (TDE) in Microsoft SQL Server 2014 Service Pack 1 (SP1). However, if you use a certificate whose serial number is greater than 16 bytes, you receive the following error message:

Msg 15297, Level 16, State 56, Line 1

The certificate, asymmetric key, or private key data is invalid.

Resolution
This problem was first fixed in the following cumulative update for SQL Server:


Note: After you install this update, you can create the certificate even though the serial number is greater than 16 bytes, and you no longer receive the error message that's mentioned in the "Symptoms" section. However, the serial number is truncated to 16 bytes when it's saved into the cert_serial_number column in the sys.certificates catalog view. The truncation occurs only in the catalog view. The certificate itself still preserves the original length of the serial number.
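Because the catalog view may show only 16 bytes of the serial number after this fix, the following query (an added example, not part of the original article) identifies the certificate that protects each TDE database by thumbprint and flags serial numbers that sit at the 16-byte length. It assumes that cert_serial_number renders each byte as two hexadecimal digits, optionally separated by spaces.

```sql
-- Added example: inventory TDE-protected databases and their certificates.
-- Certificates are matched on thumbprint; cert_serial_number is listed for
-- reference only, because it may hold just 16 bytes of a longer serial number.
SELECT
    d.name               AS database_name,
    dek.encryption_state,
    c.name               AS certificate_name,
    c.thumbprint,
    c.cert_serial_number,
    c.expiry_date,
    CASE
        -- Assumption: the column is a hex string (two digits per byte,
        -- possibly space-separated). A value of exactly 16 bytes may be
        -- the truncated form of a longer serial number.
        WHEN LEN(REPLACE(c.cert_serial_number, ' ', '')) / 2 >= 16
            THEN 'possibly truncated; compare with the certificate file'
        ELSE 'complete'
    END                  AS serial_number_note
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.databases AS d
    ON d.database_id = dek.database_id
JOIN master.sys.certificates AS c
    ON c.thumbprint = dek.encryptor_thumbprint
ORDER BY d.name;
```

When reconciling certificate backups against this output, compare thumbprints rather than serial numbers for any row flagged as possibly truncated.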
About cumulative updates for SQL Server
Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
Learn about the terminology Microsoft uses to describe software updates.
Properties

Article ID: 3082513 - Last Review: 08/17/2015 19:23:00 - Revision: 1.0

Microsoft SQL Server 2014 Service Pack 1
