Updating certificates

USE [master] GO CREATE CERTIFICATE New TDECert FROM FILE = '\SQLP2\temp\New TDECert.cer' WITH PRIVATE KEY (FILE = '\SQLP2\temp\New TDECert.pvk', DECRYPTION BY PASSWORD = 'str0ng Pa$$w0rd'); GO ALTER DATABASE [AGplaceholder] SET HADR RESUME; GO You do not need to perform a backup and restore of the database using TDE again, the synchronization can resume after the certificate is restored.You will not get a Warning message about certificate expiration, because the expiration date for the new certificate is in the future.Previous releases for the same device family and edition are then taken offline so that only the latest edition is typically available at any given time (previous URLs will be forwarded to the latest editions as well).

If your database is involved in any HA or DR, the new certificate needs to be restored to all the secondary SQL Server instances.

In our scenario, database [AGplaceholder] is involved in an Availability Group (AG).

The Lync Phone Edition client now has two different interfaces.

First, the original touchscreen-based client which started in OCS on the CX700 and was updated for Lync.

You should always keep a backup of the old certificate in case you need to restore a TDE enabled database using an older backup that used the old key. It is paramount to backup the TDE certificate after any certificate changes as this is required to restore the database to another SQL Server instance.

We can issue a backup certificate command for the new certificate as shown below.

This is basically the same process as was used in Office Communications Server except that now there are multiple update packages, which on the surface appear to be identical.

Previously the only supported devices that used the Office Communicator Phone Edition client were the Microsoft reference-design “Tanjay” family of devices: the Polycom CX700 and LG-Nortel IP8540.

If you want to replace the existing certificate used in TDE, you first need to create a new certificate.

The command is the same as creating the TDE certificate for the first time, except you now provide a different certificate name.

This client looks nearly identical to the previous version but has a few tweaks (most prominently a Lync Server branded background).

Tags: , ,