Installation of Always Encrypted Certificate

Install the `Visual C++ Redistributable Package` as a prerequisite.

You can download the latest version from the official Microsoft site: (https://support.microsoft.com/en-ie/help/2977003/the-latest-supported-visual-c-downloads)

Install `OpenSSL` for Windows

Access the links to install OpenSSL binaries for Windows from the following site: (https://wiki.openssl.org/index.php/Binaries)

Download a version for Windows from the following link: (https://slproweb.com/products/Win32OpenSSL.html)

Follow the onscreen instructions to install the Win64OpenSSL_Light-1_1_0j.exe and select the option to copy the OpenSSL DLLs to The OpenSSL binaries (/bin) directory (https://slproweb.com/download/Win64OpenSSL_Light-1_1_0j.exe)

Open the openSSL.exe file.

Run the following command:

req -config C:\OpenSSL-Win64\bin\openssl.cfg -days 36525 -x509 -sha256 -nodes -newkey rsa:2048 -keyout AlwaysEncrypted.key -out AlwaysEncrypted.pem

Enter the relevant information when prompted

Country Name
State of Province Name
Locality Name
Organization Name
Common Name (append AlwaysEncrypted for a quick and visual reference)
Email address

The `AlwaysEncrypted.key` and `AlwaysEncrypted.pem` are created in the `OpenSSL-Win64\bin` directory.

Run the following command to export the certificate to the PFX format for Windows:

pkcs12 -export -out AlwaysEncrypted.pfx -inkey AlwaysEncrypted.key -in AlwaysEncrypted.pem

Enter and Verify the Export Password when prompted

N.B. Store this Password in a safe place. You will need this Password to import the Certificate later on.

The `AlwaysEncrypted.pfx` file is created in your `OpenSSL-win64/bin` directory.

Copy the `AlwaysEncrypted.pfx` to your database server having the SQL Server instance and double click on the file install the certificate.

The `Certificate Import Wizard` will open. Select the option for `Local machine`.

Select the previously generated `AlwaysEncrypted.pfx` file to import.

Enter the `Password` previously chosen during the export process.

Select the `Automatically select the certificate store based on type of certificate` option.

Click `Finish` to complete the installation of the Certificate.

Top

Requirements

Installation

Update

Database Scripts

Home

Configuration

API

Home
Data
Security
- Account
- Active Directory
- Analytic
- Cache
- Group
- Group Account
- Logging
- Privilege
- Trace
- Configuration
Subscription
System
- Navigation
- Notification
  - Email
- Settings
  - Copyright
  - Format
  - Language
  - Reason
  - Frequency
- Workflow
Px Build
- Build

Developer

Home
Developer Tools
Client Tier
- Folder Structure
- Resources
Server Tier
Database Tier

End User Guide

Home
General Navigation
Data
Upload
Releases
Build
- Create
- Update
- Import
Manage
- Users
- Groups
- Subjects
- Products
- Alerts
- Analytics
- Tracing
- Logging
Configuration
- Languages
- Formats
- Copyrights
- Reasons
Keywords

Data Formats

Data Formats

About

About

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Installation of Always Encrypted Certificate

Install the `Visual C++ Redistributable Package` as a prerequisite.

Install `OpenSSL` for Windows

Open the openSSL.exe file.

Run the following command:

Enter the relevant information when prompted

The `AlwaysEncrypted.key` and `AlwaysEncrypted.pem` are created in the `OpenSSL-Win64\bin` directory.

Run the following command to export the certificate to the PFX format for Windows:

Enter and Verify the Export Password when prompted

The `AlwaysEncrypted.pfx` file is created in your `OpenSSL-win64/bin` directory.

Copy the `AlwaysEncrypted.pfx` to your database server having the SQL Server instance and double click on the file install the certificate.

The `Certificate Import Wizard` will open. Select the option for `Local machine`.

Select the previously generated `AlwaysEncrypted.pfx` file to import.

Enter the `Password` previously chosen during the export process.

Select the `Automatically select the certificate store based on type of certificate` option.

Click `Finish` to complete the installation of the Certificate.

Clone this wiki locally

Installation of Always Encrypted Certificate

Install the Visual C++ Redistributable Package as a prerequisite.

Install OpenSSL for Windows

Open the openSSL.exe file.

Run the following command:

Enter the relevant information when prompted

The AlwaysEncrypted.key and AlwaysEncrypted.pem are created in the OpenSSL-Win64\bin directory.

Run the following command to export the certificate to the PFX format for Windows:

Enter and Verify the Export Password when prompted

The AlwaysEncrypted.pfx file is created in your OpenSSL-win64/bin directory.

Copy the AlwaysEncrypted.pfx to your database server having the SQL Server instance and double click on the file install the certificate.

The Certificate Import Wizard will open. Select the option for Local machine.

Select the previously generated AlwaysEncrypted.pfx file to import.

Enter the Password previously chosen during the export process.

Select the Automatically select the certificate store based on type of certificate option.

Click Finish to complete the installation of the Certificate.

Clone this wiki locally

Install the `Visual C++ Redistributable Package` as a prerequisite.

Install `OpenSSL` for Windows

The `AlwaysEncrypted.key` and `AlwaysEncrypted.pem` are created in the `OpenSSL-Win64\bin` directory.

The `AlwaysEncrypted.pfx` file is created in your `OpenSSL-win64/bin` directory.

Copy the `AlwaysEncrypted.pfx` to your database server having the SQL Server instance and double click on the file install the certificate.

The `Certificate Import Wizard` will open. Select the option for `Local machine`.

Select the previously generated `AlwaysEncrypted.pfx` file to import.

Enter the `Password` previously chosen during the export process.

Select the `Automatically select the certificate store based on type of certificate` option.

Click `Finish` to complete the installation of the Certificate.