title: "Certificate Management (SQL Server Configuration Manager) | Microsoft Docs"

ms.custom: ""

ms.date: "01/16/2019"

ms.prod: sql

ms.prod_service: high-availability

ms.reviewer: ""

ms.technology: configuration

ms.topic: conceptual

helpviewer_keywords:

- "connections [SQL Server], encrypted"

- "SSL [SQL Server]"

- "Secure Sockets Layer (SSL)"

- "encryption [SQL Server], connections"

- "cryptography [SQL Server], connections"

- "certificates [SQL Server], installing"

- "requesting encrypted connections"

- "installing certificates"

- "security [SQL Server], encryption"

ms.assetid: e1e55519-97ec-4404-81ef-881da3b42006

author: MikeRayMSFT

ms.author: mikeray

manager: craigg

This topic describes how to deploy and manage certificates across your SQL Server Failover Cluster or Always On Availability Group topology.

SSL/TLS certificates are widely used to secure access to SQL Server. With earlier versions of SQL Server, organizations with large SQL Server estates have needed to expend considerable effort to maintain their SQL Server certificate infrastructure—often through developing scripts and running manual commands. With SQL Server 2019, certificate management is integrated into the SQL Server Configuration Manager, simplifying common tasks such as:

* Viewing and validating certificates installed in a SQL Server instance.

* See which certificates may be close to expiration.

* Deploy certificates across Always On Availability Group machines (from the node holding the primary replica).

* Deploy certificates across machines participating in a failover cluster instance (from the active node).

1. In SQL Server Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.

2. Right click on **Protocols for** *<instance Name>*, and then click **Properties**.

3. Click on **Certificate** tab, and then click the **Import** button.

4. Click **Browse** and select certificate file.

5. Click **Next** to validate the certificate. If there are no errors, click **Next** to import the certificate to the local instance.

1. In SQL Server Configuration Manager, in the console pane, expand SQL Server Network Configuration”.

2. Right click on **Protocols for** *<instance Name>*, and then click **Properties**.

3. Click on **Certificate** tab, and then click the **Import** button.

4. Select the certificate type, and whether to import for the current node only, or for each individual cluster node.

5. If installing for a single node, click **Browse** and select certificate file. Then skip to step 8.

6. If installing a certificate for each node, click on **Next** to list possible owner nodes. Possible owners for the current SQL Server FCI will be pre-selected.

7. Click **Next** to select the certificate to be imported.

8. Enter the password when prompted. Look for any warnings or errors after validation.

9. Click **Next** to import the selected certificates.

1. In SQL Server Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.

2. Right click on **Protocols for** *<instance Name>*, and then click **Properties**.

3. Click on **Certificate** tab, and then click the **Import** button.

4. Select the certificate type and click **Next** to select from the list of known Availability Groups.

5. Click **Next** to select certificates for each replica node. Certificates should have a file name that matches the netbios name of the nodes.

6. Click **Next** to import the certificate on each node.