Get-DbaNetworkCertificate

Synopsis

Retrieves the certificate currently configured for SQL Server network encryption.

Description

Retrieves the specific computer certificate that SQL Server is configured to use for network encryption and SSL connections. This shows you which certificate from the local certificate store is actively being used by the SQL Server instance for encrypting client connections. Only returns instances that actually have a certificate configured - instances without certificates won’t appear in the results. Useful for auditing SSL configurations, troubleshooting encrypted connection issues, and verifying certificate assignments across multiple instances.

Syntax

Get-DbaNetworkCertificate
    [[-SqlInstance] <DbaInstanceParameter[]>]
    [[-Credential] <PSCredential>]
    [-EnableException]
    [<CommonParameters>]

Examples

Example: 1

PS C:\> Get-DbaNetworkCertificate -SqlInstance sql2016

Gets computer certificate for the standard instance on sql2016 that is being used for SQL Server network encryption

Example: 2

PS C:\> Get-DbaNetworkCertificate -SqlInstance server1\sql2017

Gets computer certificate for the named instance sql2017 on server1 that is being used for SQL Server network encryption

Optional Parameters

-SqlInstance

The target SQL Server instance or instances. Defaults to standard instance on localhost. If target is a cluster, you must specify the distinct nodes.

-Credential

Alternate credential object to use for accessing the target computer(s).

-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with “sea of red” exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this “nice by default” feature off and enables you to catch exceptions with your own try/catch.