You create a certificate for Transparent Data Encryption (TDE) in Microsoft SQL Server 2014 Service Pack 1 (SP1). However, if you use a certificate whose serial number is greater than 16 bytes, you receive the following error message:

Msg 15297, Level 16, State 56, Line 1

The certificate, asymmetric key, or private key data is invalid.


This problem was first fixed in the following cumulative update for SQL Server:

Cumulative Update 2 for SQL Server 2014 Service Pack 1
Note After you install this update, you can create the certificate even though the serial number is greater than 16 bytes. Additionally, you will not receive the error message that's mentioned in the "Symptoms" section. However, the serial number will be truncated to 16 bytes when it's saved into the cert_serial_number column in the sys.certificates catalog view. The truncate action occurs only in catalog view. This means that the certificate still preserves the original length of the serial number.

Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

SQL Server 2014 build versions


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!