I have set up database mirroring for TDE enabled database and they worked fine as far as I got all the key infrastructure identical on both Principal and mirrored SQL servers.
Now it is coming to our yearly key rotation practice for compliance. After I regenerate the DEK on principal server and also encrypt it with a newer certificate, the
mirroring is suspended and I am not able to resume it any more. (Although I have added this newer certificate to the mirrored server too.) It is understandable because now the DEK is out of sync.
However, what are the correct steps to do the key rotation in the mirroring scenario? The bottom line is:
I DO NOT want to set up mirroring again since our backups are huge and take very long time to copy the backups from principal server to mirrored server.
thanks for any input in advance.
View Complete Post