| Author | Jess Pomfret (@jpomfret), jesspomfret.com |
| Availability | Windows, Linux, macOS |
Want to see the source code for this command? Check out Restore-DbaDbCertificate on GitHub.
Want to see the Bill Of Health for this command? Check out Restore-DbaDbCertificate.
Imports certificates from .cer files using SMO.
Imports certificates from.cer files using SMO.
Restore-DbaDbCertificate
[-SqlInstance] <DbaInstanceParameter>
[[-SqlCredential] <PSCredential>]
[-Path] <String[]>
[[-KeyFilePath] <String[]>]
[[-EncryptionPassword] <SecureString>]
[[-Database] <String>]
[[-Name] <String>]
[[-DecryptionPassword] <SecureString>]
[-EnableException]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
PS C:\> $securepass = Get-Credential usernamedoesntmatter | Select-Object -ExpandProperty Password
PS C:\> Restore-DbaDbCertificate -SqlInstance Server1 -Path \\Server1\Certificates -DecryptionPassword $securepass
Restores all the certificates in the specified path, password is used to both decrypt and encrypt the private key.
PS C:\> Restore-DbaDbCertificate -SqlInstance Server1 -Path \\Server1\Certificates\DatabaseTDE.cer -DecryptionPassword (Get-Credential usernamedoesntmatter).Password
Restores the DatabaseTDE certificate to Server1 and uses the MasterKey to encrypt the private key.
The target SQL Server instance or instances.
| Alias | |
| Required | True |
| Pipeline | false |
| Default Value |
The Path the contains the certificate and private key files. The path can be a directory or a specific certificate.
| Alias | FullName,ExportPath |
| Required | True |
| Pipeline | true (ByPropertyName) |
| Default Value |
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
The Path the contains the private key file. If one is not specified, we will try to find it for you.
| Alias | Key |
| Required | False |
| Pipeline | true (ByPropertyName) |
| Default Value |
If specified this will be used to encrypt the private key.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
The database where the certificate imports into. Defaults to master.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | master |
The optional name for the certificate, otherwise, it will be guessed from the certificate file name.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Secure string used to decrypt the private key.
| Alias | Password,SecurePassword |
| Required | False |
| Pipeline | false |
| Default Value | (Read-Host "Decryption password" -AsSecureString) |
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |
Shows what would happen if the command were to run. No actions are actually performed.
| Alias | wi |
| Required | False |
| Pipeline | false |
| Default Value |
Prompts you for confirmation before executing any changing operations within the command.
| Alias | cf |
| Required | False |
| Pipeline | false |
| Default Value |