BACKUP CERTIFICATE (Transact-SQL)

Applies to: SQL Server (all supported versions), Parallel Data Warehouse

Exports a certificate to a file.

Transact-SQL Syntax Conventions

Syntax

-- Syntax for SQL Server  
  
BACKUP CERTIFICATE certname TO FILE = 'path_to_file'  
    [ WITH PRIVATE KEY   
      (   
        FILE = 'path_to_private_key_file' ,  
        ENCRYPTION BY PASSWORD = 'encryption_password'   
        [ , DECRYPTION BY PASSWORD = 'decryption_password' ]   
      )   
    ]  
-- Syntax for Parallel Data Warehouse  
  
BACKUP CERTIFICATE certname TO FILE ='path_to_file'  
      WITH PRIVATE KEY   
      (   
        FILE ='path_to_private_key_file',  
        ENCRYPTION BY PASSWORD ='encryption_password'   
      )   

Note

To view Transact-SQL syntax for SQL Server 2014 and earlier, see Previous versions documentation.

Arguments

certname
Is the name of the certificate to back up.

TO FILE = 'path_to_file'
Specifies the complete path, including file name, of the file in which the certificate is to be saved. This path can be a local path or a UNC path to a network location. If only a file name is specified, the file will be saved in the instance's default user data folder (which may or may not be the SQL Server DATA folder). For SQL Server Express LocalDB, the instance's default user data folder is the path specified by the %USERPROFILE% environment variable for the account that created the instance.

WITH PRIVATE KEY
Specifies that the private key of the certificate is to be saved to a file. This clause is optional.

FILE = 'path_to_private_key_file'
Specifies the complete path, including file name, of the file in which the private key is to be saved. This path can be a local path or a UNC path to a network location. If only a file name is specified, the file will be saved in the instance's default user data folder (which may or may not be the SQL Server DATA folder). For SQL Server Express LocalDB, the instance's default user data folder is the path specified by the %USERPROFILE% environment variable for the account that created the instance.

ENCRYPTION BY PASSWORD = 'encryption_password'
Is the password that is used to encrypt the private key before writing the key to the backup file. The password is subject to complexity checks.

DECRYPTION BY PASSWORD = 'decryption_password'
Is the password that is used to decrypt the private key before backing up the key. This argument is not necessary if the certificate is encrypted by the master key.

Remarks

If the private key is encrypted with a password in the database, the decryption password must be specified.

When you back up the private key to a file, encryption is required. The password used to protect the private key in the file is not the same password that is used to encrypt the private key of the certificate in the database.

Private keys are saved in the PVK file format.

To restore a backed up certificate, with or without the private key, use the CREATE CERTIFICATE statement.

To restore a private key to an existing certificate in the database, use the ALTER CERTIFICATE statement.

When performing a backup, the files are ACLed to the service account of the SQL Server instance. If you need to restore the certificate to a server running under a different account, you must adjust the permissions on the files so that the new account can read them.
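The backup and restore round trip described in these remarks, as an added example that is not part of the original documentation. It reuses the certificate name, paths and passwords from Example C on this page; the database name TargetDb is hypothetical, and the backup files are assumed to be readable by the target instance's service account at the same paths.

```sql
-- Added example (not from the original page). Names, paths and passwords reuse
-- Example C on this page; the database name TargetDb is hypothetical.

-- 1. Source database: see how each private key is protected and when it was
--    last exported. ENCRYPTED_BY_PASSWORD means BACKUP CERTIFICATE needs
--    DECRYPTION BY PASSWORD; ENCRYPTED_BY_MASTER_KEY means it does not.
SELECT name,
       pvt_key_encryption_type_desc,
       pvt_key_last_backup_date,      -- NULL: private key never exported
       thumbprint
FROM sys.certificates
WHERE pvt_key_encryption_type <> 'NA';  -- skip certificates with no private key
GO

-- 2. Source database: export the certificate and its private key.
BACKUP CERTIFICATE sales09 TO FILE = 'c:\storedcerts\sales09cert'
    WITH PRIVATE KEY ( DECRYPTION BY PASSWORD = '9875t6#6rfid7vble7r' ,
    FILE = 'c:\storedkeys\sales09key' ,
    ENCRYPTION BY PASSWORD = '9n34khUbhk$w4ecJH5gh' );
GO

-- 3. Target database: restore with CREATE CERTIFICATE. DECRYPTION BY PASSWORD
--    here is the password that protected the key in the backup file.
--    With no ENCRYPTION BY PASSWORD clause the restored key is protected by
--    the database master key, which must already exist in TargetDb.
USE TargetDb;
GO
CREATE CERTIFICATE sales09
    FROM FILE = 'c:\storedcerts\sales09cert'
    WITH PRIVATE KEY ( FILE = 'c:\storedkeys\sales09key' ,
    DECRYPTION BY PASSWORD = '9n34khUbhk$w4ecJH5gh' );
GO

-- 3b. If the certificate is already in TargetDb without its private key,
--     attach the key instead of re-creating the certificate.
-- ALTER CERTIFICATE sales09
--     WITH PRIVATE KEY ( FILE = 'c:\storedkeys\sales09key' ,
--     DECRYPTION BY PASSWORD = '9n34khUbhk$w4ecJH5gh' );

-- 4. Target database: confirm the private key arrived and that the
--    thumbprint matches the value recorded in step 1.
SELECT name, pvt_key_encryption_type_desc, thumbprint
FROM sys.certificates
WHERE name = 'sales09';
GO
```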

Permissions

Requires CONTROL permission on the certificate and knowledge of the password that is used to encrypt the private key. If only the public part of the certificate is backed up, this command requires some permission on the certificate and that the caller has not been denied VIEW permission on the certificate.

Examples

A. Exporting a certificate to a file

The following example exports a certificate to a file.

BACKUP CERTIFICATE sales05 TO FILE = 'c:\storedcerts\sales05cert';  
GO  

B. Exporting a certificate and a private key

In the following example, the private key of the certificate that is backed up will be encrypted with the password 997jkhUbhk$w4ez0876hKHJH5gh.

BACKUP CERTIFICATE sales05 TO FILE = 'c:\storedcerts\sales05cert'  
    WITH PRIVATE KEY ( FILE = 'c:\storedkeys\sales05key' ,   
    ENCRYPTION BY PASSWORD = '997jkhUbhk$w4ez0876hKHJH5gh' );  
GO  

C. Exporting a certificate that has an encrypted private key

In the following example, the private key of the certificate is encrypted in the database. The private key must be decrypted with the password 9875t6#6rfid7vble7r. When the certificate is stored to the backup file, the private key will be encrypted with the password 9n34khUbhk$w4ecJH5gh.

BACKUP CERTIFICATE sales09 TO FILE = 'c:\storedcerts\sales09cert'   
    WITH PRIVATE KEY ( DECRYPTION BY PASSWORD = '9875t6#6rfid7vble7r' ,  
    FILE = 'c:\storedkeys\sales09key' ,   
    ENCRYPTION BY PASSWORD = '9n34khUbhk$w4ecJH5gh' );  
GO  

See Also

CREATE CERTIFICATE (Transact-SQL)
ALTER CERTIFICATE (Transact-SQL)
DROP CERTIFICATE (Transact-SQL)
CERTENCODED (Transact-SQL)
CERTPRIVATEKEY (Transact-SQL)
CERT_ID (Transact-SQL)
CERTPROPERTY (Transact-SQL)