Converting exported private key from Microsoft SQL Server to PEM and back to PVK The 2019...
How do I design a circuit to convert a 100 mV and 50 Hz sine wave to a square wave?
How to determine omitted units in a publication
Presidential Pardon
Do working physicists consider Newtonian mechanics to be "falsified"?
"... to apply for a visa" or "... and applied for a visa"?
What aspect of planet Earth must be changed to prevent the industrial revolution?
how can a perfect fourth interval be considered either consonant or dissonant?
Could an empire control the whole planet with today's comunication methods?
Mortgage adviser recommends a longer term than necessary combined with overpayments
Accepted by European university, rejected by all American ones I applied to? Possible reasons?
What was the last x86 CPU that did not have the x87 floating-point unit built in?
How to politely respond to generic emails requesting a PhD/job in my lab? Without wasting too much time
Button changing its text & action. Good or terrible?
What do I do when my TA workload is more than expected?
Working through the single responsibility principle (SRP) in Python when calls are expensive
How did the audience guess the pentatonic scale in Bobby McFerrin's presentation?
Student Loan from years ago pops up and is taking my salary
Can withdrawing asylum be illegal?
How can a C program poll for user input while simultaneously performing other actions in a Linux environment?
Is 'stolen' appropriate word?
University's motivation for having tenure-track positions
Can the DM override racial traits?
Can we generate random numbers using irrational numbers like π and e?
Python - Fishing Simulator
Converting exported private key from Microsoft SQL Server to PEM and back to PVK
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Which ports to open for Microsoft SQL Server?Error installing certificates with private keysHow can I make a usable copy of an SQL Server database on Windows Server 2003?Removing Microsoft SQL ServerPKCS12 key from Winserver2008 cert authorityDid I just send my private ssh key?How to export certificate in pfx format?pfSense self-signed GUI cert works on LAN with Firefox, but FreeNAS' doesn't. How to fix it?Let's encrypt + certbot: where is the private keySecurity, recovery etc of Letsencrypt certificates
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.
I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.
The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.
I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.
Reversing the openssl command to output a pvk from pem also fails.
Anyone know a way to get this done?
Thanks
-Mike
security sql-server microsoft
asked yesterday
Mike BranhamMike Branham
1
New contributor
Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.
I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.
The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.
I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.
Reversing the openssl command to output a pvk from pem also fails.
Anyone know a way to get this done?
Thanks
-Mike
security sql-server microsoft
asked yesterday
Mike BranhamMike Branham
1
New contributor
Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.
– Mike Branham
yesterday
add a comment |
I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.
I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.
The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.
I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.
Reversing the openssl command to output a pvk from pem also fails.
Anyone know a way to get this done?
Thanks
-Mike
security sql-server microsoft
asked yesterday
Mike BranhamMike Branham
1
New contributor
Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I have need to backup the cert and private key for SQL TDE and store that on a KeySecure key management system.
I can do the backup and get the files, and have no issue with converting the certificate from MS format to something usable on the KeySecure, and converting it back out to something that SQL Server likes.
The issue is with the private key in MS proprietary .pvk file. I can use openssl to convert it to PEM, which I can then import into the KeySecure. However that PEM file doesn't seem to be convertible back to the same binary .pvk. File compares are vastly different.
I've tried putting the cert and key into a pfx file and using PVKConverter from Microsoft, as well as a utility I found called pvk.exe.
Reversing the openssl command to output a pvk from pem also fails.
Anyone know a way to get this done?
Thanks
-Mike
security sql-server microsoft
security sql-server microsoft
asked yesterday
Mike BranhamMike Branham
1
New contributor
Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked yesterday
Mike BranhamMike Branham
1
New contributor
Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked yesterday
Mike BranhamMike Branham
1
New contributor
Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked yesterday
Mike BranhamMike Branham
1
asked yesterday
Mike BranhamMike Branham
1
1
New contributor
Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Mike Branham is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.
– Mike Branham
yesterday
add a comment |
I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.
– Mike Branham
yesterday
I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.
– Mike Branham
yesterday
I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.
– Mike Branham
yesterday
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1424262%2fconverting-exported-private-key-from-microsoft-sql-server-to-pem-and-back-to-pvk%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.
Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.
Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.
Mike Branham is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1424262%2fconverting-exported-private-key-from-microsoft-sql-server-to-pem-and-back-to-pvk%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I found the utility pvk2pfx in the MS SDK. So I took the key and cert from MS SQL cert backup and created a pfx with that. The other utility PVKConverter takes a pfx and produces a key and cert in MS format. Sounds like just what is needed. Unfortunately giving the output of the pfx creation to the converter, while it does create a cert and key file, the key file does not match the original input key that came from SQL Server. <heavy sigh>.
– Mike Branham
yesterday