I have configured AE using SSMS on the database server installed with SQL Server 2016. The certificate created under Local Machine option displays the validity as one year.
I just want to know what is the difference between creating a certificate using SSMS and creating a self-signed certificate using PowerShell.
What is a self-signed certificate means in the context of data encryption?
Best Answer
You have much more control over the options used to create the self-signed certificate through Powershell. There is still the minimum options the certificate needs, but one example you've already mentioned is the valid date.
Other than that, the way it is done doesn't really matter. It's the output (certificate) that's needed.
In this case, not a whole lot. The SSMS cert is still a self signed cert. Self signing just means you're the only authority and no one else can claim you are who and or what you say you are which in this case, doesn't matter. The private and private keys will still be used to encrypt and decrypt regardless where the certificate was made, it just needs to be a valid cert.
You may or may not be bound by using an PKI ( Public Key Infrastructure) you have at your company or using HSM (Hardware Security Module) to store the keys versus just generating a local certificate on your machine for use in other places.