when i try to create certificate, column master key and column encryption key using the below PS script its works fine in windows 10
Import-Module "SqlServer"
$serverName = "XXX"
$databaseName ="XX"
$connStr = "Server = " + $serverName + "; Database = " + $databaseName + "; Integrated Security=true"
$connection = New-Object Microsoft.SqlServer.Management.Common.ServerConnection
$connection.ConnectionString = $connStr
$connection.Connect()
$server = New-Object Microsoft.SqlServer.Management.Smo.Server($connection)
$database = $server.Databases[$databaseName]
$cert = New-SelfSignedCertificate -Subject "Cert" -CertStoreLocation Cert:LocalMachine\My -KeyExportPolicy Exportable -Type DocumentEncryptionCert -KeyUsage KeyEncipherment -KeySpec KeyExchange -KeyLength 2048
$cmkSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation "LocalMachine" -Thumbprint $cert.Thumbprint
$cmkName = "CMK1"
New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnMasterKeySettings $cmkSettings
$cekName = "CEK1"
New-SqlColumnEncryptionKey -Name $cekName -InputObject $database -ColumnMasterKey $cmkName
but getting error in windows server 2012. if i remove the following:
-Subject, -KeyExportPolicy Exportable -Type DocumentEncryptionCert -KeyUsage KeyEncipherment -KeySpec KeyExchange -KeyLength 2048
and use -DNSName
only then it just create column master key and throw error while create column encryption key.
someone please provide me correct syntax which works on Windows server 2012 and create certificate , column master key and column encryption key?