Microsoft SQL ServerEncryption


Optional ParametersDetails
WITH PRIVATE KEYFor CREATE CERTIFICATE, a private key can be specified: (FILE='D:\Temp\CertTest\private.pvk', DECRYPTION BY PASSWORD = 'password');


Creation of a DER certificate will work fine. When a Base64 certificate is used however, SQL server will complain with the cryptic message:

Msg 15468, Level 16, State 6, Line 1
An error occurred during the generation of the certificate.

Import your Base64 certificate to your OS's certificate store to be able to re-export it into DER binary format.

Another important thing to do is having an Encryption Hierarchy so that one protects the other, all the way to OS level. See the article on 'Encryption of database/TDE'

For more information for creation of certificates go to:

For more information for encryption of database/TDE go to:

For more information for encryption of data go to: