Merge pull request #27914 from rwestMSFT/rw-0802-refresh-database-content-003

JamesJBarnett · web-flow · commit 6fcb5c73b1da · 2023-08-02T15:56:30.000-07:00
Database content refresh: manage certificates article
diff --git a/docs/database-engine/configure-windows/manage-certificates.md b/docs/database-engine/configure-windows/manage-certificates.md
@@ -3,7 +3,7 @@ title: Certificate Management (SQL Server Configuration Manager)
 description: Learn how to install certificates in various SQL Server configurations. Examples include single instances, failover clusters, and Always On availability groups.
 author: rwestMSFT
 ms.author: randolphwest
-ms.date: "01/12/2021"
+ms.date: 08/02/2023
 ms.service: sql
 ms.subservice: configuration
 ms.topic: conceptual
@@ -18,85 +18,90 @@ helpviewer_keywords:
   - "installing certificates"
   - "security [SQL Server], encryption"
 ---
-
 # Certificate Management (SQL Server Configuration Manager)
 
 [!INCLUDE [sql-windows-only](../../includes/applies-to-version/sql-windows-only.md)]
 
-This topic describes how to deploy and manage certificates across your SQL Server Always On Failover Cluster or Availability Group topology.
+This article describes how to deploy and manage certificates across your [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] Always On Failover Cluster Instance (FCI) or Availability Group (AG) topology.
+
+SSL/TLS certificates are widely used to secure access to [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)]. With earlier versions of [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)], organizations with large [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] estates had to spend considerable effort to maintain their [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] certificate infrastructure, often through developing scripts and running manual commands.
 
-SSL/TLS certificates are widely used to secure access to SQL Server. With earlier versions of SQL Server, organizations with large SQL Server estates had to spend considerable effort to maintain their SQL Server certificate infrastructure, often through developing scripts and running manual commands. With SQL Server 2019, certificate management is integrated into the SQL Server Configuration Manager, simplifying common tasks such as: 
+With [!INCLUDE [sssql19-md](../../includes/sssql19-md.md)] and later versions, certificate management is integrated into the [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] Configuration Manager, which simplifies the following common tasks:
 
-* Viewing and validating certificates installed in a SQL Server instance. 
-* Identifying which certificates may be close to expiring. 
-* Deploying certificates across Always On Availability Group machines from the node holding the primary replica. 
-* Deploying certificates across machines participating in an Always On failover cluster instance from the active node.
+- View and validate certificates installed in a [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] instance.
+- Identify which certificates may be close to expiring.
+- Deploy certificates across AG machines from the node holding the primary replica.
+- Deploy certificates across FCI machines from the active node.
 
-> [!NOTE]
-> You can use certificate management in SQL Server Configuration Manager with lower versions of SQL Server, starting with SQL Server 2008.
+> [!NOTE]  
+> You can use certificate management in [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] Configuration Manager with earlier versions of [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)], starting with [!INCLUDE [sql2008-md](../../includes/sql2008-md.md)].
 
-##  <a name="provision-single-server-cert"></a> To install a certificate for a single SQL Server instance  
+## <a id="provision-single-server-cert"></a> Install a certificate for a single SQL Server instance
 
 ::: moniker range=">=sql-server-ver15"
-1. In SQL Server Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.  
+1. In [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.
 
-2. Right-click **Protocols for** *&lt;instance Name&gt;*, and then select **Properties**.  
+1. Right-click **Protocols for** *&lt;instance Name&gt;*, and then select **Properties**.
 
-3. Choose the **Certificate** tab, and then select **Import**.  
+1. Choose the **Certificate** tab, and then select **Import**.
 
-4. Select **Browse** and then select the certificate file.  
+1. Select **Browse** and then select the certificate file.
 
-5. Select **Next** to validate the certificate. If there are no errors, select **Next** to import the certificate to the local instance.  
+1. Select **Next** to validate the certificate. If there are no errors, select **Next** to import the certificate to the local instance.
 ::: moniker-end
 
 ::: moniker range="<= sql-server-2017"
-1. In SQL Server Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.  
+1. In [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.
 
-2. Right-click **Protocols for** *&lt;instance Name&gt;*, and then select **Properties**.  
+1. Right-click **Protocols for** *&lt;instance Name&gt;*, and then select **Properties**.
 
-3. Select a certificate from the  **Certificate** drop-down menu, and then select **Apply**.  
+1. Select a certificate from the  **Certificate** dropdown list menu, and then select **Apply**.
 
-4. Select **OK**. 
+1. Select **OK**.
 ::: moniker-end
 
-##  <a name="provision-failover-cluster-cert"></a> To install a certificate in a failover cluster instance configuration  
-  
-1. In SQL Server Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.
-  
-2. Right-click **Protocols for** *&lt;instance Name&gt;*, and then choose **Properties**. 
+## <a id="provision-failover-cluster-cert"></a> Install a certificate in a failover cluster instance configuration
+
+1. In [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.
+
+1. Right-click **Protocols for** *&lt;instance Name&gt;*, and then choose **Properties**.
+
+1. Choose the **Certificate** tab, and then select **Import**.
+
+1. Select the certificate type, and whether to import for the current node only, or for each individual cluster node.
+
+1. If installing for a single node, choose **Browse** and select certificate file. Then skip to step 8.
+
+1. If installing a certificate for each node, select **Next** to list possible owner nodes. Possible owners for the current FCI are preselected.
 
-3. Choose the **Certificate** tab, and then select **Import**.
+1. Choose **Next** to select the certificate to be imported.
 
-4. Select the certificate type, and whether to import for the current node only, or for each individual cluster node.
+1. Enter the password when prompted. Look for any warnings or errors after validation.
 
-5. If installing for a single node, choose **Browse** and select certificate file. Then skip to step 8.
+1. Select **Next** to import the selected certificates.
 
-6. If installing a certificate for each node, select **Next** to list possible owner nodes. Possible owners for the current failover cluster instance are pre-selected.
+> [!NOTE]  
+> Complete these steps in the active node of the FCI. User must have administrator permissions on all the cluster nodes.
 
-7. Choose **Next** to select the certificate to be imported.
+## <a id="provision-availability-group-cert"></a> Install a certificate in an availability group configuration
 
-8. Enter the password when prompted. Look for any warnings or errors after validation.
+1. In [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.
 
-9. Select **Next** to import the selected certificates.
+1. Right-click **Protocols for** *&lt;instance Name&gt;*, and then select **Properties**.
 
-> [!NOTE]
-> Complete these steps in the active node of the Always On failover cluster instance. User must have administrator permissions on all the cluster nodes.
+1. Choose the **Certificate** tab, and then select **Import**.
 
-##  <a name="provision-availability-group-cert"></a>To install a certificate in an Always On Availability Group configuration  
-  
-1. In SQL Server Configuration Manager, in the console pane, expand **SQL Server Network Configuration**.
-  
-2. Right-click **Protocols for** *&lt;instance Name&gt;*, and then select **Properties**.  
-  
-3. Choose the **Certificate** tab, and then select **Import**.  
-  
-4. Choose the certificate type and select **Next** to select from the list of known Availability Groups.  
+1. Choose the certificate type and select **Next** to select from the list of known AGs.
 
-5. Select **Next** to choose certificates for each replica node. Certificates should have a file name that matches the netbios name of the nodes.
+1. Select **Next** to choose certificates for each replica node. Certificates should have a file name that matches the netbios name of the nodes.
 
-6. Select **Next** to import the certificate on each node.
+1. Select **Next** to import the certificate on each node.
 
+> [!NOTE]  
+> Complete these steps from the node holding the AG primary replica. User must have administrator permissions on all the cluster nodes.
 
-> [!NOTE]
-> Complete these steps from the node holding the Availability Group primary replica. User must have administrator permissions on all the cluster nodes.
+## Next steps
 
+- [Certificate requirements for SQL Server](certificate-requirements.md)
+- [GRANT Certificate Permissions (Transact-SQL)](../../t-sql/statements/grant-certificate-permissions-transact-sql.md)
+- [REVOKE Certificate Permissions (Transact-SQL)](../../t-sql/statements/revoke-certificate-permissions-transact-sql.md)
