Hi. I am the DBA of SQL Server 2014 Enterprise, which is running on Windows Server 2012 R2.
I have added a new server certificate to the DB server. After I confirmed that the new server certificate was added correctly, with the correct FQDN and expiration date, from the MMC console of Certificates (Local Computer) > Personal > Certificates, I right-clicked the new cert > All Tasks > Manage Private Keys, clicked "Add", selected "Service Accounts" from "Object Types", entered the service account name of the SQL Server service, set only the Read permission for it, and saved the setting. I then deleted the old server cert and rebooted my DB server. However, the SQL Server service and the SQL Server Agent service cannot be started. I got the following errors when I tried to start them manually.
I found the following error in the Application event log.
----------------------------------------------
Event ID: 26014
Unable to load user-specified certificate [Cert Hash(sha1) "XXXXXXX"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.
------------------------------------------------
I believed that adding the service account of the SQL Server service through Manage Private Keys on the new server cert was all that was needed. Is there any other step required here? Any advice will be gratefully appreciated. Thank you.
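
The checks described in the post (certificate present in Local Computer > Personal, FQDN, expiration date, Read permission for the service account on the private key) can be run against the hash printed in event 26014. The PowerShell below is an added example, not part of the original post; the function name, the thumbprint and the service account are placeholders, and the private-key ACL check assumes a key stored by a legacy CSP.

```powershell
# Added example. Both values passed at the bottom are placeholders to fill in:
#   -Thumbprint     : the Cert Hash(sha1) printed in event 26014
#   -ServiceAccount : the account the SQL Server service runs as
function Test-SqlServerCertificate {
    param(
        [Parameter(Mandatory)] [string]$Thumbprint,
        [Parameter(Mandatory)] [string]$ServiceAccount
    )
    # Hashes pasted from the MMC dialog can carry spaces or an invisible
    # leading character; keep hex digits only before comparing.
    $hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $result = [ordered]@{
        Thumbprint = $hash; InStore = $false; HasPrivateKey = $false
        WithinValidity = $false; SubjectMatchesFqdn = $false
        ServiceAccountCanRead = $null   # $null = could not be checked
    }
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $hash } | Select-Object -First 1
    if (-not $cert) { return [pscustomobject]$result }   # hash not in the store

    $now     = Get-Date
    $fqdn    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    $dnsName = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    $result.InStore            = $true
    $result.HasPrivateKey      = $cert.HasPrivateKey
    $result.WithinValidity     = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
    $result.SubjectMatchesFqdn = ($dnsName -eq $fqdn)

    try {
        # Assumption: key held by a legacy CSP, so its file sits under MachineKeys.
        $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        if (-not $name) { throw 'no CSP key container' }
        $file = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$name"
        $read = [System.Security.AccessControl.FileSystemRights]::Read
        $allow = (Get-Acl -Path $file -ErrorAction Stop).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -eq $ServiceAccount -and
            ($_.FileSystemRights -band $read) -eq $read
        }
        $result.ServiceAccountCanRead = [bool]$allow
    } catch {
        # CNG-backed keys or an unreadable key file land here; value stays $null.
    }
    [pscustomobject]$result
}

Test-SqlServerCertificate -Thumbprint '<CERT-HASH-FROM-EVENT-26014>' -ServiceAccount '<DOMAIN\sql-service-account>'
```

Run it from an elevated prompt. The ACL check only matches entries that name the account directly, so access granted through a group is not detected.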