Solomon Rutzky tries out various methods of loading certificates and private keys in SQL Server:
These results confirm that:
1. You can import a certificate from aVARBINARYliteral
2. You can import a private key when creating a certificate from aVARBINARYliteral
3. You cannot import a private key when creating a certificate from an assembly
4. Except when creating a certificate from an assembly, any combination of sources for the certificate (i.e. public key and meta-data) and the private key should be valid
It’s a long post with a lot of detail and quite a few tests, so check it out.