Change Certificate Expiration

I am using SQL 2014 standard and am using the native backup encryption by using a certificate. I noticed the other day that my backup encryption certificate is going to expire soon. Does anyone know how to extend the expiration date of the certificate? I know I can drop the certificate and create a new one (this time I will set the expiration date to something other than the default one year). But I was hoping to extend the expiration of my current certificate so that the thumbprint will not change and I would not have to carry around two certificates? I have backups of the certificate and tried doing this but I am not sure I can include EXPIRY_DATE when restoring a cert, I am getting a syntax error? DROP Certificate Testcert2; CREATE CERTIFICATE Testcert2 FROM FILE ='C:\TEMP\test\Testcert2.cert' WITH PRIVATE KEY(FILE='C:\TEMP\test\Testcert2.key', DECRYPTION BY PASSWORD='Test123!@#'), EXPIRY_DATE = '20201030'

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

DBANovice commented · Oct 23, 2015 at 05:03 PM

Backup encryption the expiration date takes effect because I had an expired certificate on a dev server and was able to test. It will not allow any backups once the expiration date is reached.

2 ·

JohnM commented · Oct 23, 2015 at 04:38 PM

Everything that I've read in the MSDN documentation states that the expiration data is not checked when it's used for encryption. However, I don't know if that also applies to backup encryption. It appears that you can't create a certificate with a past expiration date to test. Look under "Expiry_Date": https://msdn.microsoft.com/en-us/library/ms187798.aspx

1 ·

JohnM commented · Oct 23, 2015 at 05:13 PM

Well, that blows that theory out of the water. ;-) Sorry that didn't help at least give you a breather.

1 ·

DBANovice commented · Oct 23, 2015 at 08:29 PM

Thanks for the help, I just created a new cert and stored the old backup cert file in a safe location.

0 ·