I found the following message in the error log file /var/opt/mssql/log/errorlog:
Database Mirroring login attempt failed with error: 'Connection handshake failed. The certificate used by this endpoint was not found: Certificate expired.
To resolve this problem, recreate the certificates on the primary and replica databases.
On the primary server
1. Show current certificates
select name,expiry_date,* from sys.certificates
2. Show endpoints
select * from sys.endpoints
select name,type_desc,port, * FROM sys.tcp_endpoints
3. Create and export a new certificate
CREATE CERTIFICATE dbm2_certificate WITH SUBJECT = 'dbm2';
BACKUP CERTIFICATE dbm2_certificate
TO FILE = '/var/opt/mssql/data/dbm2_certificate.cer'
WITH PRIVATE KEY (
FILE = '/var/opt/mssql/data/dbm2_certificate.pvk',
ENCRYPTION BY PASSWORD = 'P@$$w0rd'
);
4. Copy the new certificate to the replica server via ssh:
cd /var/opt/mssql/data
scp dbm2_certificate.* root@<node2>:/var/opt/mssql/data/
On the replica server
1. Change the ownership of the certificate files:
cd /var/opt/mssql/data
chown mssql:mssql dbm2_certificate.*
2. Import the new certificate into the database
CREATE CERTIFICATE dbm2_certificate
FROM FILE = '/var/opt/mssql/data/dbm2_certificate.cer'
WITH PRIVATE KEY (
FILE = '/var/opt/mssql/data/dbm2_certificate.pvk',
DECRYPTION BY PASSWORD = 'P@$$w0rd'
);
On both sides
ALTER ENDPOINT [Hadr_endpoint]
FOR DATABASE_MIRRORING (
AUTHENTICATION = CERTIFICATE dbm2_certificate
);
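
A check to run on each server after the ALTER ENDPOINT step, added here as an example and not part of the original post: it shows which certificate the endpoint is now bound to, flags certificates that are expired or close to expiry, and lets you compare the certificate copy on both nodes. The 30-day warning window and the sample EXPIRY_DATE value are assumptions.

```sql
-- Added example. dbm2_certificate is the name used in the steps above;
-- the 30-day window and the EXPIRY_DATE value below are constructed.
USE master;   -- certificates used by endpoints are stored in master

-- 1. Which certificate is each mirroring/AG endpoint bound to,
--    and how many days of validity remain?
SELECT e.name                 AS endpoint_name,
       e.state_desc,
       e.connection_auth_desc,
       c.name                 AS certificate_name,
       c.start_date,
       c.expiry_date,
       DATEDIFF(DAY, GETUTCDATE(), c.expiry_date) AS days_left,
       CASE
           WHEN c.certificate_id IS NULL                      THEN 'NO CERTIFICATE'
           WHEN c.expiry_date <= GETUTCDATE()                 THEN 'EXPIRED'
           WHEN c.expiry_date <= DATEADD(DAY, 30, GETUTCDATE()) THEN 'EXPIRING SOON'
           ELSE 'OK'
       END                    AS status
FROM sys.database_mirroring_endpoints AS e
LEFT JOIN sys.certificates AS c
       ON c.certificate_id = e.certificate_id;

-- 2. Run on the primary and on the replica: the thumbprint must be identical
--    on both, otherwise the import used a different certificate file.
SELECT name,
       thumbprint,
       start_date,
       expiry_date,
       pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name = 'dbm2_certificate';

-- 3. CREATE CERTIFICATE without EXPIRY_DATE yields a certificate that expires
--    one year after its start date, so the same handshake error returns in a
--    year. Variant of the CREATE statement from step 3 with an explicit
--    lifetime (use instead of it, not in addition):
--
--    CREATE CERTIFICATE dbm2_certificate
--        WITH SUBJECT = 'dbm2',
--             EXPIRY_DATE = '20301231';   -- constructed sample date
```

The exported .pvk file contains the endpoint's private key, so once query 2 shows matching thumbprints the exported files no longer need to stay in /var/opt/mssql/data on either node.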