Create certificate for encrypted database failed

Question

I'm trying to get familiar with TDE operation because one of my production database is already encrypted.
Since I did not work with encryption before in SQL I found good YouTube tutorial (https://www.youtube.com/watch?v=kYeC_3l0f24&list=PL1-7qPqBPOWetbwPCZxmSvinBESiVLKkN&index=1&t=212s) and was able successfully follow all steps.
The issue is when I try to restore encrypted database on another server.
I was able to create a Master Key on 'remote' server.
The problem is to create a new Certificate. I use this statemen:

CREATE CERTIFICATE LIMS_Test01_Cert2
  FROM FILE =  N'\\vhabosdev21.v01.med.va.gov\backup\LIMS_Test01_Cert.cer'
  WITH PRIVATE KEY (FILE = N'\\vhabosdev21.v01.med.va.gov\backup\LIMS_Test01_Cert_key.pvk', DECRYPTION BY PASSWORD = '!Welcome123456789@');
GO

Note: I validated that Certificate and private key are accessible from 'remote' instance.
Account I'm logging into SQL server is local administrator and SQL account is a member of sysadmin
The error I've got is:

Lookup Error - SQL Server Database Error: The certificate, asymmetric key, or private key file is not valid or does not exist; or you do not have permissions for it.

Any help would be appreciated to understand and fix it.
Thanks

Answer 1

Hi @Susja ,

Please try to copy the certificates and the private key from the source server to the appropriate folders on the destination server(such as"C:\SQLBackups\LIMS_Test01_Cert.cer").

Read files locally to prevent permission issues(The file is accessed in the security context of the SQL Server service account).

---

If the answer is helpful, please click "Accept Answer" and upvote it.
Hot issues in October—Users always get connection timeout problem when using multi subnet AG via listener. Especially after failover to another subnet