BACKUP CERTIFICATE (Transact-SQL)BACKUP CERTIFICATE (Transact-SQL)

適用範圍:Applies to: 是SQL ServerSQL Server (所有支援的版本) yesSQL ServerSQL Server (all supported versions) 是Azure Synapse AnalyticsAzure Synapse AnalyticsyesAzure Synapse AnalyticsAzure Synapse Analytics 是平行處理資料倉儲Parallel Data Warehouseyes平行處理資料倉儲Parallel Data Warehouse適用範圍:Applies to: 是SQL ServerSQL Server (所有支援的版本) yesSQL ServerSQL Server (all supported versions) 是Azure Synapse AnalyticsAzure Synapse AnalyticsyesAzure Synapse AnalyticsAzure Synapse Analytics 是平行處理資料倉儲Parallel Data Warehouseyes平行處理資料倉儲Parallel Data Warehouse

將憑證匯出至檔案。Exports a certificate to a file.

連結圖示 Transact-SQL 語法慣例link icon Transact-SQL Syntax Conventions

語法Syntax

-- Syntax for SQL Server  
  
BACKUP CERTIFICATE certname TO FILE = 'path_to_file'  
    [ WITH PRIVATE KEY   
      (   
        FILE = 'path_to_private_key_file' ,  
        ENCRYPTION BY PASSWORD = 'encryption_password'   
        [ , DECRYPTION BY PASSWORD = 'decryption_password' ]   
      )   
    ]  

注意

此功能處於預覽狀態,適用於 Azure Synapse AnalyticsThis feature is currently in preview for Azure Synapse Analytics

-- Syntax for Azure Synapse Analytics and Parallel Data Warehouse  
  
BACKUP CERTIFICATE certname TO FILE ='path_to_file'  
      WITH PRIVATE KEY   
      (   
        FILE ='path_to_private_key_file',  
        ENCRYPTION BY PASSWORD ='encryption_password'   
      )   

注意

若要檢視 SQL Server 2014 與更早版本的 Transact-SQL 語法,請參閱舊版文件To view Transact-SQL syntax for SQL Server 2014 and earlier, see Previous versions documentation.

引數Arguments

certnamecertname
這是要備份的憑證名稱。Is the name of the certificate to backup.

TO FILE = 'path_to_file'TO FILE = 'path_to_file'
指定儲存憑證的檔案之完整路徑,包括檔案名稱。Specifies the complete path, including file name, of the file in which the certificate is to be saved. 此路徑可以是本機路徑或通往網路位置的 UNC 路徑。This path can be a local path or a UNC path to a network location. 如果只指定檔案名稱,檔案將會儲存在執行個體的預設使用者資料夾 (它不一定是 SQL ServerSQL Server DATA 資料夾)。If only a file name is specified, the file will be saved in the instance's default user data folder (which may or may not be the SQL ServerSQL Server DATA folder). 如果是 SQL Server Express LocalDB,執行個體的預設使用者資料夾是 %USERPROFILE% 環境變數為建立該執行個體的帳戶所指定路徑。For SQL Server Express LocalDB, the instance's default user data folder is the path specified by the %USERPROFILE% environment variable for the account that created the instance.

WITH PRIVATE KEY 指定憑證的私密金鑰要儲存到檔案。WITH PRIVATE KEY Specifies that the private key of the certificate is to be saved to a file. 這個子句是選擇性的。This clause is optional.

FILE = 'path_to_private_key_file'FILE = 'path_to_private_key_file'
指定儲存私密金鑰的檔案之完整路徑,包括檔案名稱。Specifies the complete path, including file name, of the file in which the private key is to be saved. 此路徑可以是本機路徑或通往網路位置的 UNC 路徑。This path can be a local path or a UNC path to a network location. 如果只指定檔案名稱,檔案將會儲存在執行個體的預設使用者資料夾 (它不一定是 SQL ServerSQL Server DATA 資料夾)。If only a file name is specified, the file will be saved in the instance's default user data folder (which may or may not be the SQL ServerSQL Server DATA folder). 如果是 SQL Server Express LocalDB,執行個體的預設使用者資料夾是 %USERPROFILE% 環境變數為建立該執行個體的帳戶所指定路徑。For SQL Server Express LocalDB, the instance's default user data folder is the path specified by the %USERPROFILE% environment variable for the account that created the instance.

ENCRYPTION BY PASSWORD = 'encryption_password'ENCRYPTION BY PASSWORD = 'encryption_password'
這是將私密金鑰寫入備份檔之前用來加密該金鑰的密碼。Is the password that is used to encrypt the private key before writing the key to the backup file. 這個密碼必須遵守複雜性檢查。The password is subject to complexity checks.

DECRYPTION BY PASSWORD = 'decryption_password'DECRYPTION BY PASSWORD = 'decryption_password'
這是備份私密金鑰之前用來解密該金鑰的密碼。Is the password that is used to decrypt the private key before backing up the key. 如果憑證由主要金鑰加密,則不需要此引數。This argument is not necessary if the certificate is encrypted by the master key.

備註Remarks

如果是在資料庫中利用密碼加密私密金鑰,則必須指定解密密碼。If the private key is encrypted with a password in the database, the decryption password must be specified.

將私密金鑰備份至檔案時,需要加密。When you back up the private key to a file, encryption is required. 用以保護檔案中私密金鑰的密碼與用以加密資料庫中憑證之私密金鑰的密碼並不相同。The password used to protect the private key in the file is not the same password that is used to encrypt the private key of the certificate in the database.

私密金鑰會以 PVK 檔案格式儲存。Private keys are saved in the PVK file format.

若要在使用或不使用私密金鑰的情況下還原備份憑證,請使用 CREATE CERTIFICATE 陳述式。To restore a backed up certificate, with or without the private key, use the CREATE CERTIFICATE statement.

若要將私密金鑰還原至資料庫中現有的憑證,請使用 ALTER CERTIFICATE 陳述式。To restore a private key to an existing certificate in the database, use the ALTER CERTIFICATE statement.

當執行備份時,該檔案對於 SQL Server 執行個體的服務帳戶將會套用存取控制清單。When performing a backup, the files will be ACLd to the service account of the SQL Server instance. 如果您要將憑證還原到在其他帳戶下執行的伺服器,您將需要調整檔案的權限,這樣新帳戶才能讀取它們。If you need to restore the certificate to a server running under a different account, you will need to adjust the permissions on the files so that they are able to be read by the new account.

權限Permissions

需要憑證的 CONTROL 權限,且必須知道用來加密私密金鑰的密碼。Requires CONTROL permission on the certificate and knowledge of the password that is used to encrypt the private key. 如果只備份憑證的公開部份,此命令需要憑證的某些權限,且未對呼叫端拒絕憑證的 VIEW 權限。If only the public part of the certificate is backed up, this command requires some permission on the certificate and that the caller has not been denied VIEW permission on the certificate.

範例Examples

A.A. 將憑證匯出至檔案Exporting a certificate to a file

下列範例將憑證匯出至檔案。The following example exports a certificate to a file.

BACKUP CERTIFICATE sales05 TO FILE = 'c:\storedcerts\sales05cert';  
GO  

B.B. 匯出憑證和私密金鑰Exporting a certificate and a private key

在下列範例中,會利用密碼 997jkhUbhk$w4ez0876hKHJH5gh 加密所備份的憑證私密金鑰。In the following example, the private key of the certificate that is backed up will be encrypted with the password 997jkhUbhk$w4ez0876hKHJH5gh.

BACKUP CERTIFICATE sales05 TO FILE = 'c:\storedcerts\sales05cert'  
    WITH PRIVATE KEY ( FILE = 'c:\storedkeys\sales05key' ,   
    ENCRYPTION BY PASSWORD = '997jkhUbhk$w4ez0876hKHJH5gh' );  
GO  

C.C. 匯出含有加密私密金鑰的憑證Exporting a certificate that has an encrypted private key

在下列範例中,憑證的私密金鑰是在資料庫中加密的。In the following example, the private key of the certificate is encrypted in the database. 必須利用密碼 9875t6#6rfid7vble7r 來解密私密金鑰。The private key must be decrypted with the password 9875t6#6rfid7vble7r. 當憑證儲存至備份檔時,會利用密碼 9n34khUbhk$w4ecJH5gh 加密私密金鑰。When the certificate is stored to the backup file, the private key will be encrypted with the password 9n34khUbhk$w4ecJH5gh.

BACKUP CERTIFICATE sales09 TO FILE = 'c:\storedcerts\sales09cert'   
    WITH PRIVATE KEY ( DECRYPTION BY PASSWORD = '9875t6#6rfid7vble7r' ,  
    FILE = 'c:\storedkeys\sales09key' ,   
    ENCRYPTION BY PASSWORD = '9n34khUbhk$w4ecJH5gh' );  
GO  

另請參閱See Also

CREATE CERTIFICATE (Transact-SQL) CREATE CERTIFICATE (Transact-SQL)
ALTER CERTIFICATE (Transact-SQL) ALTER CERTIFICATE (Transact-SQL)
DROP CERTIFICATE (Transact-SQL)DROP CERTIFICATE (Transact-SQL)
CERTENCODED (Transact-SQL)CERTENCODED (Transact-SQL)
CERTPRIVATEKEY (Transact-SQL)CERTPRIVATEKEY (Transact-SQL)
CERT_ID (Transact-SQL)CERT_ID (Transact-SQL)
CERTPROPERTY (Transact-SQL)CERTPROPERTY (Transact-SQL)