After implementing a certificate using the column master key with the Always Encrypted feature in SQL Server, the certificate expired after one year.

Question

I am using SQL Server's Always Encrypted feature to encrypt a few columns in the database using a master key that is protected by a self-signed certificate. The certificate is created using SQL 2016's Management Studio and always defaults to an expiration date that is one year ahead of the issue date - it is stored in the Windows Certificate Store for the current user.

Is it possible to extend the validity of this certificate to a value greater than a year?

More specifically, can a certificate required by AE be scripted - from my understanding, this certificate is different from the sql certificate created by the CREATE CERTIFICATE command and needs to be exported to a file format like pfx to be accessible by an Azure web app.

Also, can the data still be encrypted/decrypted if the certificate has expired?

![](https://learn-attachment.microsoft.com/api/attachments/029884fc-a3f9-4ccf-b851-a59b9087de1e?platform=QnA

Answer 1

Hello

Thank you for posting in Microsoft Community forum.

Based on the description, I understand your question is related to the SQL Server.

Since there are no engineers dedicated to SQL Server in this forum. in order to be able to get a quick and effective handling of your issue, I recommend that you repost your question in the Q&A forum, where there will be a dedicated engineer to give you a professional and effective reply.

Here is the link for Q&A forum.

Questions - Microsoft Q&A

Click the "Ask a Question" button in the upper right corner to post your question and select "SQL Server" tag.

Thank you for your understanding and support. If you have any question or concern, please feel free to let us know.

Have a nice day.

Best Regards,

Molly