Server Service Broker Certificate Not Valid

Boopathi S 3,806 Reputation points
2024-12-01T16:26:07.05+00:00

Hello,

There is an alert configured for the below.

The SQL Server Service Broker certificate is not valid. Replication traffic between the parent and child SQL Servers cannot be encrypted and nor authenticated.

This is used in Configuration Manager.

Please let me know how and where in SQL or configuration manager to check the SQL Server Service Broker certificate is valid or not.

Microsoft Security | Intune | Configuration Manager | Other
SQL Server | Other
{count} votes

Accepted answer
  1. Greg Low 1,980 Reputation points Microsoft Regional Director
    2024-12-01T23:25:54.5433333+00:00

    In each database that's relevant, check for expired certificates:

    SELECT name, thumbprint, expiration_date, subject
    FROM sys.certificates
    WHERE expiration_date < GETDATE();

    You can also check for statuses related to active conversations:

    SELECT conversation_handle, message_type_name, message_body
    FROM sys.transmission_queue
    WHERE state = 'READY';

    If it's expired and you need to replace it, start by creating a new cert:

    CREATE CERTIFICATE NewCertificate WITH SUBJECT = 'Service Broker Certificate Replacement', EXPIRY_DATE = '2030-12-31';

    Create a new endpoint with the new certificate:

    DROP ENDPOINT IF EXISTS ServiceBrokerEndpoint;

    CREATE ENDPOINT ServiceBrokerEndpoint STATE = STARTED AS TCP (LISTENER_PORT = 4022) FOR SERVICE_BROKER ( AUTHENTICATION = CERTIFICATE NewCertificate );

    IF necessary, then alter the queues to use the new certificate.

    You'll probably need to end existing conversations using the previous certificate.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. ZoeHui-MSFT 41,491 Reputation points
    2024-12-02T06:01:18.7466667+00:00

    Hi @Boopathi S,

    You may run mmc and then check the certificate.

    User's image

    Regards,

    Zoe Hui


    If the answer is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.