Server Trust Certificates - Create Or Update

Uploads a server trust certificate from box to Sql Managed Instance.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/serverTrustCertificates/{certificateName}?api-version=2021-11-01

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| certificateName | path | True | string | Name of the certificate to upload. |
| managedInstanceName | path | True | string | The name of the managed instance. |
| resourceGroupName | path | True | string | The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal. |
| subscriptionId | path | True | string | The subscription ID that identifies an Azure subscription. |
| api-version | query | True | string | The API version to use for the request. |

Request Body

| Name | Type | Description |
|---|---|---|
| properties.publicBlob | string | The certificate public blob |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | ServerTrustCertificate | Certificate already existed. |
| 201 Created | ServerTrustCertificate | Certificate is successfully created. |
| 202 Accepted | | Accepted request for creating server trust certificate. |

Other Status Codes

*** Error Responses: ***

  • 400 NameAlreadyExists - The provided name already exists.

  • 400 InvalidCollation - Invalid collation.

  • 400 ProvisioningDisabled - Displays error message from resources operation authorizer as is, without changes

  • 400 RegionDoesNotAllowProvisioning - The selected location is not accepting new Windows Azure SQL Database servers. This may change at a later time.

  • 400 UnableToResolveRemoteServer - The remote partner server name could not be resolved due to an invalid server name or DNS connectivity issues.

  • 400 HkCannotSwitchToInactive - The database cannot proceed with pricing-tier update as it has memory-optimized objects. Please drop such objects and try again.

  • 400 TokenTooLong - The provided token is too long.

  • 400 CloudLifterUnsupportedFeature - The functionality is not available on the Managed Instance at this time.

  • 400 ManagedInstanceSloUpdateFailed - SLO '{0}' operation cannot succeed as the memory usage of '{1}' exceeds the quota.

  • 400 OperationCanNotStartDueToMiLink - The '{0}' operation cannot be completed as there exists a database in a process of creation through Managed Instance link. Please wait for the link creation to complete, or delete the link, and retry the operation again.

  • 400 ManagedInstanceLocalStorageUpdateSloDisabled - Update SLO for managed instances with local storage is not supported yet.

  • 400 InvalidSubnetResourceId - The provided subnet resource ID for the managed instance create or update is invalid.

  • 400 VnetInWrongRegion - Virtual network is in wrong region.

  • 400 AlterDbDeactivatedNotSupported - Database Operation failed for Server '{0}', Database '{1}' due to unexpected delay. Please try again.

  • 400 VnetAddressRangeError - Virtual network address range is invalid.

  • 400 RegionDoesNotSupportVersion - A user attempted to create a server of a specified version in a location where that server version isn't supported.

  • 400 VnetConfigIsNotAllowed - Virtual network configuration is not allowed.

  • 400 InstanceFailoverGroupDoesNotExist - Failover group does not exist on a server.

  • 400 ManagedInstanceClassicVnetNotSupported - Managed Instance cannot be joined to a classic virtual network.

  • 400 VnetConfigHasNsg - User tried to inject Managed Server subnet with Network Security Groups.

  • 400 VnetConfigHasNoUdr - User tried to inject Managed Server subnet without default User Defined Route Table.

  • 400 VnetConfigHasInvalidUdr - User tried to inject Managed Server subnet with invalid User Defined Route Table.

  • 400 VnetConfigHasInvalidDns - User tried to inject Managed Server subnet with invalid custom DNS.

  • 400 VnetConfigHasServiceEndpoints - User tried to inject Managed Server subnet with service endpoints.

  • 400 VnetSubnetIsInUse - User tried to inject Managed Server subnet that is not empty.

  • 400 VnetSubnetIsLocked - User tried to inject Managed Server subnet that is in locked scope.

  • 400 VnetSubnetIsGateway - User tried to inject Managed Server subnet that is Gateway subnet.

  • 400 VnetSubnetIsUnknown - User tried to inject Managed Server subnet that does not exist.

  • 400 VnetSubnetConflictWithIntendedPolicy - User tried to inject Managed Server subnet that has a conflict with IntendedPolicy.

  • 400 ManagedInstanceInvalidEditionForSku - The specified edition {0} is not consistent with the specified SKU {1}.

  • 400 ManagedInstanceInvalidLicenseType - The specified license type {0} is not valid.

  • 400 ManagedInstanceUpdateSloInProgress - "The operation could not be completed because a service tier change is in progress for managed instance '{0}.' Please wait for the operation in progress to complete and try again."

  • 400 VnetResourceNotFound - Resource not found: '{0}'.

  • 400 InstanceCollationUpdateNotSupported - User cannot change instance collation on Managed Instance.

  • 400 CreateManagedInstanceWithNonDefaultCollationNotSupported - User can create a Managed Instance only with collation 'SQL_Latin1_General_CP1_CI_AS'.

  • 400 ManagedInstanceOperationInProgress - The operation could not be completed because {0} operation is in progress. Please wait for the operation in progress to complete and try again.

  • 400 ManagedInstanceExceedMaxAzureStorage - The operation could not be completed because total allocated storage size for General Purpose instance would exceed {0}. Please reduce the number of database files and retry operation.

  • 400 ManagedInstanceHasGeoReplica - The operation could not be completed because instance has configured geo replicated secondary instance.

  • 400 InvalidDnsZone - The operation has failed because you are attempting to deploy managed instance as a geo-replication secondary to the subnet {0} in which there already exists a managed instance. Deploying managed instance as a geo-replication secondary is supported only in cases when managed instance is the first instance deployed in a subnet. Consider deploying managed instance as a geo-replication secondary to a different subnet in which there are no existing managed instances, or if deploying to a subnet with existing managed instance disable the geo-replication option.

  • 400 ManagedInstanceInvalidStorageSizeLessThenCurrentSizeUsed - Invalid storage size: Storage size limit ({0} GB) is less that current storage used ({1} GB). Please specify higher storage size limit.

  • 400 InvalidTimezone - Invalid timezone.

  • 400 InstanceTimezoneUpdateNotSupported - Instance timezone update not supported.

  • 400 CreateManagedInstanceWithNonDefaultTimezoneNotSupported - Create Managed Instance with non-default timezone not supported.

  • 400 ManagedInstanceIpAddressRangeLimit - Cannot perform creation/scaling of the managed instance as there are not enough available IP addresses in the subnet for performing the operation.

  • 400 VnetDelegationNotAllowed - User tried to inject Managed Server to subnet which is delegated.

  • 400 SubnetHasResourcesOfDifferentType - User tried to create MI in subnet that has resources of different type.

  • 400 UpdateManagedServerWithMaintenanceWindowNotAllowed - Update of Managed Instance with maintenance window settings is not allowed.

  • 400 VnetPrepareNIPFailed - User tried to prepare subnet that has a conflict with NetworkIntentPolicy.

  • 400 ManagedInstanceDeprecatedHardwareFamily - Changing the hardware generation to deprecated {0} generation is not possible.

  • 400 ManagedInstanceBackupStorageTypeNotSupported - Backup storage type parameter is not allowed in the instance update operation.

  • 400 EmptyPDCInvalidDnsZone - This managed instance cannot be deployed because its DNS-zone does not match the DNS-prefix of its intended virtual cluster for subnet {0}. Although this virtual cluster is empty, its DNS-prefix cannot be changed. Empty virtual clusters will be automatically removed after several hours. Consider waiting for this virtual cluster to expire or manually deleting this virtual cluster and then creating the managed instance.

  • 400 MissingIdentityId - No user assigned identity is provided when the identity type is set to UserAssigned

  • 400 InvalidPrimaryIdentityId - User provides a value for PrimaryUserIdentityId but the same is not listed in the IdentityId parameter

  • 400 ManagedInstanceZoneRedudantFeatureNotSupported - ZoneRedundant feature is not supported for the selected service tier. For more details visit aka.ms/sqlmi-service-tier-characteristics.

  • 400 ManagedInstanceZoneRedudantFeatureCantBeEnabled - Enabling zoneRedundant feature is not possible once managed instance is created. For more details visit aka.ms/sqlmi-high-availability.

  • 400 ManagedInstanceZoneRedudantFeatureCantBeDisabled - Disabling zoneRedundant feature is not possible once managed instance is created. For more details visit aka.ms/sqlmi-high-availability.

  • 400 UmiMissingAkvPermissions - PrimaryUserAssignedIdentityId provided by user does not have access to KeyId provided

  • 400 MissingPrimaryIdentity - PrimaryUserAssignedIdentityId provided by user does not have access to KeyId provided

  • 400 SubnetIdCantBeUpdated - Changing managed instance subnet is not supported operation. Please remove this parameter from the request.

  • 400 MigrationToAnotherVNetNotSupported - Selected subnet is in another Virtual Network. Moving managed instance to another Virtual Network is not possible. Please provide subnet from Virtual Network {0}.

  • 400 MigrationToSubnetWithDifferentDnsZoneNotSupported - Provided subnet is having different DNS zone from the current. Changing instance DNS zone is not supported. Please provide subnet with same DNS zone, create a new subnet or provide empty one.

  • 400 MigrationToGen4SubnetNotSupported - It is not possible to update subnet while running on Gen4 hardware as it is being deprecated. Please upgrade your hardware from Gen4 to Gen5 as part of the changing managed instance subnet operation by specifying both parameters at the same time: destination subnet and hardware generation.

  • 400 PrimaryIdentityMissingPermissionForKeyId - KeyId is provided by user during create but PrimaryUserAssignedIdentityId is not provided in the API call

  • 400 InvalidIdentityTypeForKeyId - KeyId is provided by user during create but identity type is not set to 'UserAssigned'

  • 400 ServerNotFound - The requested server was not found.

  • 400 ManagedInstanceFileExceededMaxAzureStorageFileSizeLimit - The operation could not be completed because some of the database files are exceeding maximum General Purpose file size limit of {0} GB.

  • 400 ManagedInstanceStoppingOrStopped - Conflicting operation submitted while instance is in stopping/stopped state

  • 400 ManagedInstanceStarting - Conflicting operation submitted while instance is in starting state

  • 400 InstancePoolNotEnoughCapacity - An instance pool does not have enough capacity

  • 400 SourceAndTargetSubnetsMustBeVnetPeered - Subnet currently used by managed instance and provided destination subnet are part of the virtual networks that are not connected with virtual network peering, or have peering established but don't have allowed traffic. In order to move managed instance from one subnet to another, virtual network peering needs to be established from both source and target virtual network. Please configure virtual network requirements and then try the operation again. Learn more https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal#peer-virtual-networks.

  • 400 ManagedInstanceAndSubnetAreNotOnTheSameSubscription - Subnet provided for managed instance deployment is located on subscription different than the one submitted for managed instance. Managed instance and subnet used for deploying the instance must be on the same subscription. Please provide another subnet or switch to the subnet subscription and then try the operation again.

  • 400 CreateManagedInstanceInvalidSubnetSize - User attempted to create managed instance in a subnet that is smaller than the allowed minimal subnet size.

  • 400 AddressRangeOfTargetSubnetAndSubnetOfGeoDRReplicaCantOverlap - Subnet selected for managed instance migration has address range that overlaps with address range of subnet that holds geo replicated secondary instance. Please verify that your subnet is configured according to guidelines in https://aka.ms/move-managed-instance.

  • 400 TargetSubnetMustBeConfiguredToAllowGeoDRReplication - Subnet selected for managed instance migration is not configured to enable communication with a geo replicated secondary instance. Please check if all of the required ports are open. To properly configure your subnet read the guidelines in https://aka.ms/move-managed-instance.

  • 400 InvalidIdentifier - The identifier contains NULL or an invalid unicode character.

  • 400 InvalidLoginName - The provided login name is invalid.

  • 400 InvalidUsername - Supplied user name contains invalid characters.

  • 400 PasswordTooShort - The provided password is too short

  • 400 PasswordTooLong - The provided password is too long.

  • 400 PasswordNotComplex - The provided password is not complex enough.

  • 400 GatewayInvalidEdition - '{0}' is not a valid database edition in this version of SQL Server.

  • 400 InvalidLocation - An invalid location was specified.

  • 400 InvalidParameterValue - An invalid value was given to a parameter.

  • 400 InvalidServerName - Invalid server name specified.

  • 400 MissingPublicBlob - The public blob is missing.

  • 400 InvalidPublicBlob - Invalid public blob specified, reason: '{0}'.

  • 400 MissingCertificateName - The certificate name is missing.

  • 400 CertificateAlreadyExists - A certificate with a given name already exists or this certificate already has been added to the database.

  • 404 ResourceNotFound - The requested resource was not found.

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.

  • 404 OperationIdNotFound - The operation with Id does not exist.

  • 404 ResourceDoesNotExist - Resource with the name '{0}' does not exist. To continue, specify a valid resource name.

  • 404 InstancePoolNotFound - An instance pool cannot be found

  • 404 SubscriptionNotFound - The requested subscription was not found.

  • 405 InvalidVcoreValue - vCore value {0} is not valid. Please specify a valid vCore value.

  • 405 InvalidHardwareGenerationValue - HardwareGeneration {0} is not valid. Please specify a valid HardwareGeneration value.

  • 405 InvalidStorageSizeValue - Invalid storage size: {0} GB. Storage size must be specified between {1} and {2} gigabytes, in increments of {3} GB.

  • 409 OperationCancelled - The operation has been cancelled by user.

  • 409 OperationInterrupted - The operation on the resource could not be completed because it was interrupted by another operation on the same resource.

  • 409 ConflictingServerOperation - An operation is currently in progress for the server.

  • 409 SubscriptionDisabled - Subscription is disabled.

  • 409 ServerOverridePreconditionFailed - Failed to apply server override on category '{0}', because physical db or instance '{1}' in server '{2}' is currently not in 'Ready' or 'Deactivated' state.

  • 409 ManagedInstanceIsBusy - The server '{0}' is currently busy. Please wait a few minutes before trying again.

  • 409 ServerAlreadyExists - Duplicate server name.

  • 409 ServerDisabled - Server is disabled.

  • 409 ServerQuotaExceeded - Server cannot be added to a subscription because it will exceed quota.

  • 429 SubscriptionTooManyCreateUpdateRequests - Requests beyond max requests that can be processed by available resources.

  • 429 SubscriptionTooManyRequests - Requests beyond max requests that can be processed by available resources.

  • 429 ConflictingSubscriptionOperation - An operation is currently in progress for the subscription.

  • 500 OperationTimedOut - The operation timed out and automatically rolled back. Please retry the operation.

  • 500 GatewayInternalServerError - The server encountered an unexpected exception.

  • 503 TooManyRequests - Requests beyond max requests that can be processed by available resources.

  • 504 RequestTimeout - Service request exceeded the allowed timeout.

Examples

Create server trust certificate.

Sample request

PUT https://management.azure.com/subscriptions/0574222d-5c7f-489c-a172-b3013eafab53/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/serverTrustCertificates/customerCertificateName?api-version=2021-11-01

{
  "properties": {
    "publicBlob": "308203AE30820296A0030201020210"
  }
}

Sample response

{
  "properties": {
    "thumbprint": "33702D20EC86119985283",
    "certificateName": "customerCertificateName"
  },
  "id": "/subscriptions/0574222d-5c7f-489c-a172-b3013eafab53/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/serverTrustCertificates/customerCertificateName",
  "name": "customerCertificateName",
  "type": "Microsoft.Sql/managedInstances/serverTrustCertificates"
}
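
The request above can be assembled and sanity-checked locally before it is sent. The following Python sketch is an added example, not part of the original reference or Microsoft's code; the function names are hypothetical, and it assumes that publicBlob is the hex encoding of the DER certificate (as the sample value suggests) and that the thumbprint is the SHA-1 of those bytes.

```python
import hashlib
import json
import ssl
from urllib.parse import quote

API_VERSION = "2021-11-01"  # api-version shown in the request URI on this page


def der_is_complete(der: bytes) -> bool:
    """True if der is a single outer SEQUENCE whose declared length matches
    the bytes actually present, so truncated or padded blobs are rejected."""
    if len(der) < 2 or der[0] != 0x30:        # 0x30 = DER SEQUENCE tag
        return False
    first = der[1]
    if first < 0x80:                          # short form: one length byte
        header, length = 2, first
    else:                                     # long form: next n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + length


def build_put(subscription_id, resource_group, instance, cert_name, pem):
    """Return (url, json_body, thumbprint) for the PUT documented here."""
    der = ssl.PEM_cert_to_DER_cert(pem)       # base64-decodes the PEM body
    if not der_is_complete(der):
        raise ValueError("certificate blob is truncated or not DER")
    path = "/".join((
        "subscriptions", quote(subscription_id, safe=""),
        "resourceGroups", quote(resource_group, safe=""),
        "providers/Microsoft.Sql/managedInstances", quote(instance, safe=""),
        "serverTrustCertificates", quote(cert_name, safe=""),
    ))
    url = f"https://management.azure.com/{path}?api-version={API_VERSION}"
    # Assumption: publicBlob is the upper-case hex of the DER bytes.
    body = json.dumps({"properties": {"publicBlob": der.hex().upper()}})
    # Assumption: the service thumbprint is SHA-1 over the same DER bytes.
    thumbprint = hashlib.sha1(der).hexdigest().upper()
    return url, body, thumbprint


# Constructed inputs: a 5-byte DER SEQUENCE standing in for a certificate
# (not a real one), and the truncated publicBlob from the sample request.
STAND_IN_PEM = ssl.DER_cert_to_PEM_cert(bytes.fromhex("3003020105"))
PAGE_SAMPLE = bytes.fromhex("308203AE30820296A0030201020210")

if __name__ == "__main__":
    print(der_is_complete(PAGE_SAMPLE))
    print(*build_put("0574222d-5c7f-489c-a172-b3013eafab53", "testrg",
                     "testcl", "customerCertificateName", STAND_IN_PEM), sep="\n")
```

Under the SHA-1 assumption, comparing the locally computed thumbprint with properties.thumbprint in the response confirms that the instance stored the certificate you intended to trust.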

Definitions

ServerTrustCertificate

Server trust certificate imported from box to enable connection between box and Sql Managed Instance.

| Name | Type | Description |
|---|---|---|
| id | string | Resource ID. |
| name | string | Resource name. |
| properties.certificateName | string | The certificate name |
| properties.publicBlob | string | The certificate public blob |
| properties.thumbprint | string | The certificate thumbprint |
| type | string | Resource type. |