Hi All,
I have some questions related to the SQL 2008 EE feature Transparent Data Encryption (TDE).
While implementing TDE, we create a certificate in the master database as follows and immediately take a backup of it.
use master
go
CREATE CERTIFICATE TDECert WITH SUBJECT = 'Test TDE Certificate'
go
Question 1)
By default, the expiry date of the certificate is 1 year. Now let's say my certificate is expired; then what happens?
Even further, since the certificate is expired, if I say ALTER DATABASE <DBname> SET ENCRYPTION OFF; will I get back my original plaintext, or is my data LOST? What measures should be taken regarding the certificate expiry date? Usually, what value is set for expiry_Date?
Question 2) If, for some reason, I lost my certificate or it got corrupted, how can I get my original data?
Would ALTER DATABASE <DBname> SET ENCRYPTION OFF; help in any way, or is it of no use?
Question 3) Say the database, db1, is already in an AG, and now I implement TDE on the primary. Before enabling TDE on the primary, do I need to remove that database from the AG, then implement TDE, and then add it back to the AG?
Thanks,
Sam
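
The procedure the post describes (create the certificate, then back it up immediately), written out with an explicit expiry date and a query for tracking expiry and backup status. This is an added example, not part of the original post: TDECert is the post's name, while the file paths, passwords and date are placeholder assumptions.

```sql
-- Added example. TDECert comes from the post; every path, password and
-- date below is a constructed placeholder.
USE master;
GO

-- A database master key must exist in master before the certificate is created.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder: master key password>';
GO

-- Set EXPIRY_DATE explicitly instead of accepting the one-year default.
CREATE CERTIFICATE TDECert
    WITH SUBJECT = 'Test TDE Certificate',
         EXPIRY_DATE = '20301231';          -- constructed sample date
GO

-- Back up the certificate together with its private key.
-- Both files and the password are needed to restore it on another instance.
BACKUP CERTIFICATE TDECert
    TO FILE = 'D:\KeyBackup\TDECert.cer'    -- placeholder path
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TDECert.pvk',  -- placeholder path
        ENCRYPTION BY PASSWORD = '<placeholder: private key backup password>'
    );
GO

-- For each TDE-enabled database, show the protecting certificate,
-- how many days remain before it expires, and when its private key
-- was last backed up (NULL means it has never been backed up).
SELECT d.name                                   AS database_name,
       dek.encryption_state,
       c.name                                   AS certificate_name,
       c.expiry_date,
       DATEDIFF(DAY, GETDATE(), c.expiry_date)  AS days_to_expiry,
       c.pvt_key_last_backup_date
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.databases    AS d ON d.database_id = dek.database_id
JOIN sys.certificates AS c ON c.thumbprint  = dek.encryptor_thumbprint
ORDER BY c.expiry_date;
GO
```

Store the backup files and their password away from the server that holds the encrypted database.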