< Back
Backup-DbaDbCertificate
Post
NAME Backup-DbaDbCertificate
SYNOPSIS
Exports database certificates from SQL Server using SMO.
SYNTAX
Backup-DbaDbCertificate [-SqlCredential <Pscredential>] [-EncryptionPassword <Securestring>] [-DecryptionPassword
<Securestring>] [-Path <System.IO.FileInfo>] [-Suffix <String>] [-EnableException <Switch>] [<CommonParameters>]
Backup-DbaDbCertificate -SqlInstance <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]> [-SqlCredential
<Pscredential>] [-Certificate <System.Object[]>] [-Database <System.Object[]>] [-ExcludeDatabase
<System.Object[]>] [-EncryptionPassword <Securestring>] [-DecryptionPassword <Securestring>] [-Path
<System.IO.FileInfo>] [-Suffix <String>] [-EnableException <Switch>] [<CommonParameters>]
Backup-DbaDbCertificate [-SqlCredential <Pscredential>] [-EncryptionPassword <Securestring>] [-DecryptionPassword
<Securestring>] [-Path <System.IO.FileInfo>] [-Suffix <String>] [-InputObject
<Microsoft.SqlServer.Management.Smo.Certificate[]>] [-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
Exports database certificates from SQL Server using SMO and outputs the .cer and .pvk files.
PARAMETERS
-Certificate [<System.Object[]>]
Exports certificate that matches the name(s).
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Database [<System.Object[]>]
Exports the encryptor for specific database(s).
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-DecryptionPassword [<Securestring>]
A string value that specifies the system path to decrypt the private key.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EncryptionPassword [<Securestring>]
A string value that specifies the system path to encrypt the private key.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeDatabase [<System.Object[]>]
Database(s) to skip when exporting encryptors.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-InputObject [<Microsoft.SqlServer.Management.Smo.Certificate[]>]
Enables piping from Get-DbaDbCertificate
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Path [<System.IO.FileInfo>]
The path to output the files to. The path is relative to the SQL Server itself. If no path is specified, the
default data directory will be used.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The target SQL Server instance or instances. This can be a collection and receive pipeline input to allow the
function to be executed against multiple SQL Server instances.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Suffix [<String>]
The suffix of the filename of the exported certificate.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: Migration, Certificate
Author: Jess Pomfret (@jpomfret)
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1
Exports all the certificates on the specified SQL Server to the default data path for the instance.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$cred = Get-Credential sqladmin
PS C:\\> Backup-DbaDbCertificate -SqlInstance Server1 -SqlCredential $cred
Connects using sqladmin credential and exports all the certificates on the specified SQL Server to the default
data path for the instance.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Certificate Certificate1
Exports only the certificate named Certificate1 on the specified SQL Server to the default data path for the
instance.
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Database AdventureWorks
Exports only the certificates for AdventureWorks on the specified SQL Server to the default data path for the
instance.
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -ExcludeDatabase AdventureWorks
Exports all certificates except those for AdventureWorks on the specified SQL Server to the default data path for
the instance.
-------------------------- EXAMPLE 6 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Path \\\\Server1\\Certificates -EncryptionPassword
(ConvertTo-SecureString -force -AsPlainText GoodPass1234!!)
Exports all the certificates and private keys on the specified SQL Server.
-------------------------- EXAMPLE 7 --------------------------
PS C:\\>$EncryptionPassword = ConvertTo-SecureString -AsPlainText "GoodPass1234!!" -force
PS C:\\> $DecryptionPassword = ConvertTo-SecureString -AsPlainText "Password4567!!" -force
PS C:\\> Backup-DbaDbCertificate -SqlInstance Server1 -EncryptionPassword $EncryptionPassword -DecryptionPassword
$DecryptionPassword
Exports all the certificates on the specified SQL Server using the supplied DecryptionPassword, since an
EncryptionPassword is specified private keys are also exported.
-------------------------- EXAMPLE 8 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Path \\\\Server1\\Certificates
Exports all certificates on the specified SQL Server to the specified path.
-------------------------- EXAMPLE 9 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Suffix DbaTools
Exports all certificates on the specified SQL Server to the specified path, appends DbaTools to the end of the
filenames.
-------------------------- EXAMPLE 10 --------------------------
PS C:\\>Get-DbaDbCertificate -SqlInstance sql2016 | Backup-DbaDbCertificate
Exports all certificates found on sql2016 to the default data directory.
RELATED LINKS
SYNOPSIS
Exports database certificates from SQL Server using SMO.
SYNTAX
Backup-DbaDbCertificate [-SqlCredential <Pscredential>] [-EncryptionPassword <Securestring>] [-DecryptionPassword
<Securestring>] [-Path <System.IO.FileInfo>] [-Suffix <String>] [-EnableException <Switch>] [<CommonParameters>]
Backup-DbaDbCertificate -SqlInstance <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]> [-SqlCredential
<Pscredential>] [-Certificate <System.Object[]>] [-Database <System.Object[]>] [-ExcludeDatabase
<System.Object[]>] [-EncryptionPassword <Securestring>] [-DecryptionPassword <Securestring>] [-Path
<System.IO.FileInfo>] [-Suffix <String>] [-EnableException <Switch>] [<CommonParameters>]
Backup-DbaDbCertificate [-SqlCredential <Pscredential>] [-EncryptionPassword <Securestring>] [-DecryptionPassword
<Securestring>] [-Path <System.IO.FileInfo>] [-Suffix <String>] [-InputObject
<Microsoft.SqlServer.Management.Smo.Certificate[]>] [-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
Exports database certificates from SQL Server using SMO and outputs the .cer and .pvk files.
PARAMETERS
-Certificate [<System.Object[]>]
Exports certificate that matches the name(s).
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Database [<System.Object[]>]
Exports the encryptor for specific database(s).
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-DecryptionPassword [<Securestring>]
A string value that specifies the system path to decrypt the private key.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EncryptionPassword [<Securestring>]
A string value that specifies the system path to encrypt the private key.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeDatabase [<System.Object[]>]
Database(s) to skip when exporting encryptors.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-InputObject [<Microsoft.SqlServer.Management.Smo.Certificate[]>]
Enables piping from Get-DbaDbCertificate
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Path [<System.IO.FileInfo>]
The path to output the files to. The path is relative to the SQL Server itself. If no path is specified, the
default data directory will be used.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The target SQL Server instance or instances. This can be a collection and receive pipeline input to allow the
function to be executed against multiple SQL Server instances.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Suffix [<String>]
The suffix of the filename of the exported certificate.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: Migration, Certificate
Author: Jess Pomfret (@jpomfret)
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1
Exports all the certificates on the specified SQL Server to the default data path for the instance.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$cred = Get-Credential sqladmin
PS C:\\> Backup-DbaDbCertificate -SqlInstance Server1 -SqlCredential $cred
Connects using sqladmin credential and exports all the certificates on the specified SQL Server to the default
data path for the instance.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Certificate Certificate1
Exports only the certificate named Certificate1 on the specified SQL Server to the default data path for the
instance.
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Database AdventureWorks
Exports only the certificates for AdventureWorks on the specified SQL Server to the default data path for the
instance.
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -ExcludeDatabase AdventureWorks
Exports all certificates except those for AdventureWorks on the specified SQL Server to the default data path for
the instance.
-------------------------- EXAMPLE 6 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Path \\\\Server1\\Certificates -EncryptionPassword
(ConvertTo-SecureString -force -AsPlainText GoodPass1234!!)
Exports all the certificates and private keys on the specified SQL Server.
-------------------------- EXAMPLE 7 --------------------------
PS C:\\>$EncryptionPassword = ConvertTo-SecureString -AsPlainText "GoodPass1234!!" -force
PS C:\\> $DecryptionPassword = ConvertTo-SecureString -AsPlainText "Password4567!!" -force
PS C:\\> Backup-DbaDbCertificate -SqlInstance Server1 -EncryptionPassword $EncryptionPassword -DecryptionPassword
$DecryptionPassword
Exports all the certificates on the specified SQL Server using the supplied DecryptionPassword, since an
EncryptionPassword is specified private keys are also exported.
-------------------------- EXAMPLE 8 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Path \\\\Server1\\Certificates
Exports all certificates on the specified SQL Server to the specified path.
-------------------------- EXAMPLE 9 --------------------------
PS C:\\>Backup-DbaDbCertificate -SqlInstance Server1 -Suffix DbaTools
Exports all certificates on the specified SQL Server to the specified path, appends DbaTools to the end of the
filenames.
-------------------------- EXAMPLE 10 --------------------------
PS C:\\>Get-DbaDbCertificate -SqlInstance sql2016 | Backup-DbaDbCertificate
Exports all certificates found on sql2016 to the default data directory.
RELATED LINKS