I am trying to create backup certificate from primary to create certificates on secondary nodes for an availability group. Using the following:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password123';
CREATE CERTIFICATE dbm_certificate WITH SUBJECT = 'dbm';
BACKUP CERTIFICATE dbm_certificate
TO FILE = 'dbm_certificate.cer'
WITH PRIVATE KEY (
FILE = 'dbm_certificate.pvk',
ENCRYPTION BY PASSWORD = '123password'
);
The master key and certificate creation are successful but the BACKUP CERTIFICATE
returns:
A transport-level error has occurred when receiving results from the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.)
This seems to be caused by a core dump by sql giving the following log:
This program has encountered a fatal error and cannot continue running at Tue Jan 26 12:25:05 2021
The following diagnostic information is available:
Reason: 0x00000001
Signal: SIGABRT - Aborted (6)
Stack:
IP Function
---------------- --------------------------------------
0000559b81252023 malloc_usable_size+0x9e103
0000559b81251afe malloc_usable_size+0x9dbde
0000559b8125111a malloc_usable_size+0x9d1fa
00007fbabc90d400 __restore_rt+0x0
00007fbabc90d387 gsignal+0x37
00007fbabc90ea78 abort+0x148
00007fbabb5ecc8f OpenSSLDie+0x1f
00007fbabb6aadcc bad_do_cipher+0x1c
00007fbabb6aafba EVP_EncryptUpdate+0xda
0000559b8120c8ce malloc_usable_size+0x589ae
0000559b8120c4c2 malloc_usable_size+0x585a2
0000559b811d60d5 malloc_usable_size+0x221b5
0000559b811d5d99 malloc_usable_size+0x21e79
Process: 11391 - sqlservr
Thread: 11513 (application thread 0x1c4)
Instance Id: 2b6201eb-eeba-4f82-8007-7e3ef630be1a
Crash Id: 98fa6ae2-ac80-4454-839a-06ffba21260a
Build stamp: 86f25b9af3192b748396bd75b5bf3eceb3e2e62a8c2271521d281f5a53463d38
Distribution: Red Hat Enterprise Linux
Processors: 4
Total Memory: 8370020352 bytes
Timestamp: Tue Jan 26 12:25:05 2021
Removing the WITH PRIVATE KEY
allows the command to succeed creating dbm_certificate in the data folder. This lead me to believe the issue was with OPENSSL and the encryption of private key. I have installed MSSQL 2019 on Red Hat 7.9 with OPENSSL 1.0.2k. I have created symlinks to OPENSSL in /opt/mssql/lib as well as adding :
[Service]
Environment="LD_LIBRARY_PATH=/opt/mssql/lib"
to the mssql-server service.
User contributions licensed under CC BY-SA 3.0