Mirror--如何對運行中的鏡像端點更換證書

若是使用證書配置鏡像時，沒有設置證書的時間，則默認證書有效期爲一年，當證書快過時時，須要更換證書。

下面代碼演示如何對正在運行的鏡像更換證書

--==================================================
--查找快過時的證書
USE [master]
GO
SELECT 
name AS CertificateName,
expiry_date AS ExpiryDate
FROM [master].[sys].[certificates]
WHERE expiry_date<'2020-01-01'
AND name NOT LIKE '##%'
GO
--查找鏡像服務器
SELECT DB_NAME(database_id) AS DatabaseName,
mirroring_partner_name
FROM [master].[sys].[database_mirroring]
WHERE mirroring_partner_name IS NOT NULL

--==================================================
--在主庫上建立證書並修改鏡像端點
USE master
GO
CREATE CERTIFICATE HOST_cert_3_1 WITH SUBJECT = 'HOST_cert_3_1' ,
START_DATE = '01/01/2010' , EXPIRY_DATE = '01/01/2099';
GO
BACKUP CERTIFICATE HOST_cert_3_1 TO FILE = 'D:\HOST_cert_3_1.cer'
GO
ALTER ENDPOINT Endpoint_Mirroring
FOR DATABASE_MIRRORING (AUTHENTICATION = CERTIFICATE HOST_cert_3_1)
GO
--==================================================
--在從庫上還原證書並受權用戶
USE [master]
GO
CREATE LOGIN [MirrorUser] WITH PASSWORD=N'MirrorUser@123',
DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
CREATE USER [MirrorUser] FOR LOGIN [MirrorUser]
GO
CREATE CERTIFICATE HOST_cert_3_1
AUTHORIZATION [MirrorUser]
FROM FILE='D:\HOST_cert_3_1.cer'
GO
GRANT CONNECT ON ENDPOINT::[Endpoint_Mirroring] TO [MirrorUser]
--==================================================
--在主庫上恢復數據庫鏡像
USE [master]
GO
ALTER DATABASE [mirrored_database_name] SET PARTNER RESUME
GO
 
--清除過時證書
DROP CERTIFICATE HOST_cert_3_1_old