Saturday , June 10 2023

The certificate, asymmetric key, or private key file is not valid or does not exist; or you do not have permissions for it


In order to restore the backup of a database encrypted with TDE (Transparent Data Encryption) to another instance, we need to transfer the certificate backup from the server encrypted with TDE to the server we want to restore the database to.

You may receive this error when you try to create a new certificate from a certificate backup in the target instance.

This means that the sql server service account used by the instance we want to create the Certificate does not have the necessary privileges.


Right-click the path where the certificate and Private key is located and click Properties, then go to the Security tab, and click Add to authorize the Sql server service account.

If you cannot authorize this way, you must right-click on the files named mycertificate and myprivatekey and give the necessary authorization to the sql server service account in the security tab. After this process your certificate will be created.


About dbtut

We are a team with over 10 years of database management and BI experience. Our Expertises: Oracle, SQL Server, PostgreSQL, MySQL, MongoDB, Elasticsearch, Kibana, Grafana.

Leave a Reply

Your email address will not be published. Required fields are marked *