David Dong


anyone has the experience to solve this



Re: Database mirror certificate expired

Kaloian Manassiev - MSFT


what do you mean by "dbm certificate expired" is this the certificate assigned to the mirroring endpoints





Re: Database mirror certificate expired

David Dong

yes, the certificate which used to encrypt the endpoint has expired. could you give me some advice about how to change the certificate or extend the lifttime of this certificate

appreciate.

thanks.





Re: Database mirror certificate expired

Remus Rusanu

Certificate lifetimes cannot be extended.

For each machine that has an expired cert, here are the steps to replace the cert. I'll call the instance that has the cert expired M1, the peer M2:

1) on M1: create a new certificate in [master]

2) on M1: export (backup) the public key part of the cert

3) on M2: restore the cert, under the same owner (authorization) as the old cert on the peer

4) on M1: alter the endpoint to use the new cert (ALTER ENDPOINT ... FOR DATABASE_MIRRORING (AUTHENTICATION = [new_cert])

5) on M1: drop the old cert

6) on M2: drop the old cert

You'll probably gonna have to repeat the steps on the other direction as well (swap M1 with M2) since most likely the peer's cert is also expired.






Re: Database mirror certificate expired

David Dong

Remus, thanks you very much.




Re: Database mirror certificate expired

remushociota

Hi Remus I also have a question. When initially creating the certificates is there a way to specify the validity By default I saw it is 1 year. Maybe put 5 years right from the beginning...

salut





Re: Database mirror certificate expired

remushociota

got it

CREATE CERTIFICATE xxx_cert
WITH SUBJECT = 'xxx certificate for database mirroring',
EXPIRY_DATE = '12/31/2020';
GO





Re: Database mirror certificate expired

lrod

with regards to certs that last 18 years.... thats a long time. even if they are already 7 years old