Hi JoeP,
The error “Create failed for 'New Certificate'” usually means SQL Server cannot validate the Managed Instance certificate chain—not that certificate creation itself is broken. This happens when SQL Server is missing required CUs, missing Azure root CA certificates, or cannot reach MI on port 5022.
Check SQL Server build & CU level
SELECT @@VERSION;
EXEC sp_help 'sp_certificate_add_issuer';
If sp_certificate_add_issuer is missing, update SQL Server (most common cause).
Import Azure Root CA Certificates
SQL Server must trust DigiCert/Microsoft CAs for MI.
https://dori-uw-1.kuma-moon.com/azure/security/fundamentals/certificate-authorities
Verify network connectivity to MI on port 5022
Test-NetConnection <mi-fqdn> -Port 5022
Remove leftover certificates/endpoints (if previous attempts failed)
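-- Run in master. DROP ENDPOINT and DROP CERTIFICATE do not accept IF EXISTS, so guard with catalog checks.
IF EXISTS (SELECT 1 FROM sys.endpoints WHERE name = N'MIRRORING') DROP ENDPOINT [MIRRORING];
IF EXISTS (SELECT 1 FROM sys.certificates WHERE name = N'MI_LINK_CERT') DROP CERTIFICATE [MI_LINK_CERT];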
Once SQL Server has the required CU, trusted CA certs, and connectivity, the link wizard will successfully create the certificate.
What is the output of SELECT @@VERSION?
Does sp_certificate_add_issuer exist on your server?
Have Azure CA certificates been imported?
Does port 5022 connectivity succeed?
Helpful References:
https://dori-uw-1.kuma-moon.com/en-us/sql/sql-server/azure-arc/migration-sql-mi-prepare-link?view=sql-server-ver17
https://dori-uw-1.kuma-moon.com/en-us/azure/azure-sql/managed-instance/managed-instance-link-configure-how-to-scripts?view=azuresql&tabs=sql-server
Please let us know if you have any questions and concerns.
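The server-side checks from the answer above, gathered into one read-only preflight script. This is an added example, not part of the original answer or of Microsoft's link scripts. It assumes it is run on the SQL Server instance by a login that can view server-level metadata, and it uses only the object names that appear in the answer.

```sql
-- Added example: read-only preflight for the Managed Instance link checks.
-- Nothing in this script modifies the server.
USE master;

-- 1. Build and update level, to compare against the link prerequisites.
SELECT SERVERPROPERTY('ProductVersion')     AS product_version,
       SERVERPROPERTY('ProductLevel')       AS product_level,
       SERVERPROPERTY('ProductUpdateLevel') AS update_level,
       SERVERPROPERTY('Edition')            AS edition;

-- 2. Does this build ship sp_certificate_add_issuer?
SELECT CASE WHEN EXISTS (SELECT 1
                         FROM sys.all_objects
                         WHERE name = N'sp_certificate_add_issuer')
            THEN 'present' ELSE 'missing'
       END AS sp_certificate_add_issuer;

-- 3. Existing database mirroring endpoint: listener port, authentication
--    mode, and the certificate bound to it (NULL if none). An instance has
--    at most one such endpoint and availability groups share it, so review
--    this row before dropping an endpoint left over from a failed attempt.
SELECT e.name, e.state_desc, e.role_desc, e.connection_auth_desc,
       e.encryption_algorithm_desc, t.port,
       c.name AS bound_certificate
FROM sys.database_mirroring_endpoints AS e
JOIN sys.tcp_endpoints AS t ON t.endpoint_id = e.endpoint_id
LEFT JOIN sys.certificates AS c ON c.certificate_id = e.certificate_id;

-- 4. User certificates in master with issuer and validity window, to spot
--    a leftover or expired certificate from an earlier wizard run.
SELECT name, subject, issuer_name, start_date, expiry_date,
       pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name NOT LIKE N'##%'   -- skip built-in system certificates
ORDER BY name;
```

If query 3 shows the endpoint bound to a certificate that other replicas already trust, dropping it will break those connections until the certificate is exchanged again.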