commands

^

Backup-DbaDbCertificate

Author Jess Pomfret (@jpomfret)
Availability Windows, Linux, macOS

 

Synopsis

Exports database certificates from SQL Server using SMO.

Description

Exports database certificates from SQL Server using SMO and outputs the .cer and .pvk files.

Syntax

Backup-DbaDbCertificate
    [-SqlCredential <PSCredential>]
    [-EncryptionPassword <SecureString>]
    [-DecryptionPassword <SecureString>]
    [-Path <FileInfo>]
    [-Suffix <String>]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Backup-DbaDbCertificate -SqlInstance <DbaInstanceParameter[]>
    [-SqlCredential <PSCredential>]
    [-Certificate <Object[]>]
    [-Database <Object[]>]
    [-ExcludeDatabase <Object[]>]
    [-EncryptionPassword <SecureString>]
    [-DecryptionPassword <SecureString>]
    [-Path <FileInfo>]
    [-Suffix <String>]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Backup-DbaDbCertificate
    [-SqlCredential <PSCredential>]
    [-EncryptionPassword <SecureString>]
    [-DecryptionPassword <SecureString>]
    [-Path <FileInfo>]
    [-Suffix <String>]
    [-InputObject <Certificate[]>]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> Backup-DbaDbCertificate -SqlInstance Server1

Exports all the certificates on the specified SQL Server to the default data path for the instance.

Example: 2
PS C:\> $cred = Get-Credential sqladmin
PS C:\> Backup-DbaDbCertificate -SqlInstance Server1 -SqlCredential $cred

Connects using sqladmin credential and exports all the certificates on the specified SQL Server to the default data path for the instance.

Example: 3
PS C:\> Backup-DbaDbCertificate -SqlInstance Server1 -Certificate Certificate1

Exports only the certificate named Certificate1 on the specified SQL Server to the default data path for the instance.

Example: 4
PS C:\> Backup-DbaDbCertificate -SqlInstance Server1 -Database AdventureWorks

Exports only the certificates for AdventureWorks on the specified SQL Server to the default data path for the instance.

Example: 5
PS C:\> Backup-DbaDbCertificate -SqlInstance Server1 -ExcludeDatabase AdventureWorks

Exports all certificates except those for AdventureWorks on the specified SQL Server to the default data path for the instance.

Example: 6
PS C:\> Backup-DbaDbCertificate -SqlInstance Server1 -Path \\Server1\Certificates -EncryptionPassword (ConvertTo-SecureString -force -AsPlainText GoodPass1234!!)

Exports all the certificates and private keys on the specified SQL Server.

Example: 7
PS C:\> $EncryptionPassword = ConvertTo-SecureString -AsPlainText "GoodPass1234!!" -force
PS C:\> $DecryptionPassword = ConvertTo-SecureString -AsPlainText "Password4567!!" -force
PS C:\> Backup-DbaDbCertificate -SqlInstance Server1 -EncryptionPassword $EncryptionPassword -DecryptionPassword $DecryptionPassword

Exports all the certificates on the specified SQL Server using the supplied DecryptionPassword, since an EncryptionPassword is specified private keys are also exported.

Example: 8
PS C:\> Backup-DbaDbCertificate -SqlInstance Server1 -Path \\Server1\Certificates

Exports all certificates on the specified SQL Server to the specified path.

Example: 9
PS C:\> Backup-DbaDbCertificate -SqlInstance Server1 -Suffix DbaTools

Exports all certificates on the specified SQL Server to the specified path, appends DbaTools to the end of the filenames.

Example: 10
PS C:\> Get-DbaDbCertificate -SqlInstance sql2016 | Backup-DbaDbCertificate

Exports all certificates found on sql2016 to the default data directory.

Required Parameters

-SqlInstance

The target SQL Server instance or instances. This can be a collection and receive pipeline input to allow the function to be executed against multiple SQL Server instances.

Alias
Required True
Pipeline false
Default Value

Optional Parameters

-SqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential). Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported. For MFA support, please use Connect-DbaInstance.

Alias
Required False
Pipeline false
Default Value
-Certificate

Exports certificate that matches the name(s).

Alias
Required False
Pipeline false
Default Value
-Database

Exports the encryptor for specific database(s).

Alias
Required False
Pipeline false
Default Value
-ExcludeDatabase

Database(s) to skip when exporting encryptors.

Alias
Required False
Pipeline false
Default Value
-EncryptionPassword

A string value that specifies the system path to encrypt the private key.

Alias
Required False
Pipeline false
Default Value
-DecryptionPassword

Secure string used to decrypt the private key.

Alias
Required False
Pipeline false
Default Value
-Path

The path to output the files to. The path is relative to the SQL Server itself. If no path is specified, the default data directory will be used.

Alias
Required False
Pipeline false
Default Value
-Suffix

The suffix of the filename of the exported certificate.

Alias
Required False
Pipeline false
Default Value "$(Get-Date -format 'yyyyMMddHHmmssms')"
-InputObject

Enables piping from Get-DbaDbCertificate

Alias
Required False
Pipeline true (ByValue)
Default Value
-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False
-WhatIf

If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.

Alias wi
Required False
Pipeline false
Default Value
-Confirm

If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.

Alias cf
Required False
Pipeline false
Default Value

 

Want to see the source code for this command? Check out Backup-DbaDbCertificate on GitHub.
Want to see the Bill Of Health for this command? Check out Backup-DbaDbCertificate.