Certificate (SHA1) loaded in a database but couldn't be found under SQL Configuration Manager and Key Registry



  • I have two instances on a server. sql 2014 (port 1433) and sql 2016 (port 50019) I have a certificate with SHA1 algorithm on a server that is not expired.

    enter image description here

    **When sql server started I can clearly see that the above certificate was loaded for encryption (see snip).

    enter image description here

    Seems like this is NOT self generated certificate, as it doesn't say so.**


    However, if I check certificates under SQL configuration manager, I don't see it there.

    enter image description here


    Also, there is no certificates used under Register keys

    enter image description here

    So, why it's loaded in a database but can't be found under SQL Configuration and Register Editor? Has it been installed correctly?



  • So, why it's loaded in a database but can't be found under SQL Configuration and Register Editor?

    By default, SQL Server will check the certificate store for any certificates that match the requirements to be used for SSL. If one is found then it is used in place of a self-seigned certificate which is generated upon startup (if needed).

    Since this is done automagically for you, there is no configuration required, though it is best to be explicitly configured if forcing encryption.

    There are various reasons it may not show up in the configuration manager for SQL Server. I've spent far too much time debugging these to know that previous to SQL Server 2019, it's a crap shoot at best.

    Has it been installed correctly?

    It wouldn't be able to be used if it weren't.




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2