Backup certificate WITH PRIVATE KEY error create on other instance

Alen Cappelletti 1,037 Reputation points
2025-01-09T22:46:07.7033333+00:00

Hi,

I'm having trouble performing a backup of a certificate and subsequently restoring it on another server. I'll share the entire syntax. It's not clear to me whether I need to open the MASTER KEY on the source server.

I created a share at C:\TDE where I stored the certificates and the KEY, which has FULL permissions for the SQL engine of each instance (I'm on DEV on my machine).

I'm performing these operations from SSMS and logged in as an administrator.

/* SERVER A (default instance) */
-- I need this below?
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'NuovaPasswordMasterKey';
GO

BACKUP CERTIFICATE [TDE_DEV_2025_ShortLife_HP_PROBOOK]
TO FILE = 'C:\TDE\TDE_DEV_2025_ShortLife_HP_PROBOOK.cer'
WITH PRIVATE KEY (
    FILE = 'C:\TDE\TDE_DEV_2025_ShortLife_HP_PROBOOK.pvk',
    ENCRYPTION BY PASSWORD = 'PasswordPrivata'
)
GO

CLOSE MASTER KEY
GO

/* SERVER B (named instance same DEV host) */
CREATE CERTIFICATE [restored__TDE_DEV_2025_ShortLife_HP_PROBOOK]
FROM FILE = 'C:\TDE\TDE_DEV_2025_ShortLife_HP_PROBOOK.cer'
WITH PRIVATE KEY (
    FILE = 'C:\TDE\TDE_DEV_2025_ShortLife_HP_PROBOOK.pvk',
    DECRYPTION BY PASSWORD = 'PasswordPrivata'
)
GO

As you can see... the backup produces

User's image

but when I try to restore I always get
Msg 15208, Level 16, State 6, Line 23

The certificate, asymmetric key, or private key file is not valid or does not exist; or you do not have permissions for it.

This is from SQL 2019 to SQL 2022... but these aren't backups...
I think that doesn't count for anything for a certificate.

Thanks ALEN


Accepted answer
  1. Erland Sommarskog 115.9K Reputation points MVP
    2025-01-09T23:06:12.94+00:00

    What it says. You need to give the service account for the other instance permissions on the key files. Right-click the file, select properties, and then go to the security tab.
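
One way to apply the accepted answer from an elevated PowerShell prompt, as an added example that is not part of the original thread: it resolves the account the second instance runs as, shows each file's own ACL, and grants that account read access on the two backup files only. The service name `MSSQL$INSTANCE_B` is a placeholder (assumption) for the named instance, which the post does not name.

```powershell
# Added example. $serviceName is an assumed placeholder: the Windows service of a
# named instance is MSSQL$<InstanceName>; the post does not give the instance name.
$serviceName = 'MSSQL$INSTANCE_B'
$files = @(
    'C:\TDE\TDE_DEV_2025_ShortLife_HP_PROBOOK.cer',
    'C:\TDE\TDE_DEV_2025_ShortLife_HP_PROBOOK.pvk'
)

# Resolve the account the instance really runs as instead of guessing it.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found on this host." }
$account = $svc.StartName
# Win32_Service reports the SYSTEM account as 'LocalSystem'; use the resolvable name.
if ($account -eq 'LocalSystem') { $account = 'NT AUTHORITY\SYSTEM' }
Write-Host "Instance runs as: $account"

foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) { throw "Missing file: $f" }

    # Inspect the ACL on the file itself (not only the folder): the answer is
    # about permissions on the key files, and IsInherited shows whether the
    # folder's permissions actually reached them.
    (Get-Acl -LiteralPath $f).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize

    # Grant read-only access to this one account on this one file.
    & icacls.exe $f /grant "${account}:(R)"
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $f (exit code $LASTEXITCODE)" }
}

# After CREATE CERTIFICATE ... FROM FILE succeeds on the second instance,
# the grant can be withdrawn again:
#   foreach ($f in $files) { & icacls.exe $f /remove $account }
```

Read access is all the restoring instance needs for these files, so there is no reason to leave FULL permissions on the folder that holds the `.pvk`; once the certificate is restored, revoke the grant and move the private key file to protected storage.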

