I have configured Always Encrypted on a custom database using SQL Server 2016. By default, it creates the certificate with a validity of one year.
Is there any workaround to create this certificate for two or three years at the very beginning stage?
I don't want to rotate the key every year in our production environment rather create the certificate at least for two or three years.
Experts advise please.
Best Answer
When this first came out I had a blog post on this, creating the certificate via Powershell: https://justdaveinfo.wordpress.com/2015/10/15/always-on-encrypted-generating-certificates-and-column-encryption-key-encrypted_value/
Checking the documentation for the Powershell cmdlet New-SelfSignedCertificate you should be able to use "-NotAfter (Get-Date).AddMonths(24)"
https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps