I'm attempting to get SQL Server Service Broker working across database instances and an at the stage of copying certificates (from initiator to target and vice versa). I can back up the certificate to a file but once created I can't open the file or copy it to any other location. If I try and open the file I get a message box with the title "Invalid Public Key Security Object File" and the message "Access is denied.".
The server is within the local domain and is running Windows Server 2008 R2 Enterprise with SP1.
This works (but I cannot do anything with the file):
BACKUP CERTIFICATE UserCertificateB TO FILE='C:\Certs\UserCertificateB.cer';
This doesn't work:
BACKUP CERTIFICATE UserCertificateB TO FILE='\\localmachine\Certs\UserCertificateB.cer';
Error message is:
Msg 15240, Level 16, State 1, Line 2 Cannot write into file '\localmachine\Certs\UserCertificateB.cer'. Verify that you have write permissions, that the file path is valid, and that the file does not already exist.
I can back up the certificate to a file but once created I can't open the file or copy it to any other location.
Yes, the access is restricted to the SQL Server service account. Grant permissions as appropriate on the file, using an administrative account. Use icacls.
Cannot write into file '\localmachine\Certs...'
You are doing a 'double hop' so it requires Kerberos constrained delegation. Contact your network administrator to set it up properly for you.