-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Shawn and Paul,
On 5/23/19 08:57, Shawn Heisey wrote: > On 5/23/2019 5:45 AM, Paul wrote: >> unable to find valid certification path to requested target > > This seems to be the root of your problem with the connection to > SQL server. > > If I have all the context right, Java is saying it can't validate > the certificate returned by the SQL server. > > This page: > > https://docs.microsoft.com/en-us/sql/connect/jdbc/connecting-with-ssl- encryption?view=sql-server-2017 > > > > Talks about a "trustCertificate" property you can set to "true" in > the JDBC URL that will cause Microsoft's JDBC driver to NOT > validate the server certificate. It would be much better to use the "trustStore" setting on the connection properties. As Shawn mentions later in this thread: On 5/23/19 12:06, Shawn Heisey wrote: > Enabling SSL should have no *direct* effect on JDBC. > > But it might have an indirect effect by changing some of Java's > SSL settings that in turn could filter down to the JDBC driver. You have probably been relying on the JVM's VM-wide default trust store and when you change that, your SSL connections to SQL Server no longer work. I would argue that it is always a best-practice to configure trust stores separately for every type of connection. So, if you follow the link above you can read about the "trustStore" connection parameter and point that config setting at a trust store which contains the SQL Server's TLS certificate -- that your application should trust. I think that will clear-up your issue. You may also with to set the "trustStorePassword" and "trustStoreType" options as well. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlzoVekACgkQHPApP6U8 pFjxDw/9EhDR1Pgxta9s05htdChMhuD+zpCTRPMvnppQoAQ6Qa5XCeSuVGaRNuGG uDkJam93k/zxpLUoDSXmTxivKOoCljqdL3dDBEFzuuefrCTT3Hea4yCzzRJpjQa4 vttVBFJZdfvkjzMy1r3gtHe+IfMnYa404PKqNB+J9JTmsE2J/6cfbQ7/NzQPJ5p1 X1zQGlvhTSICkuqtuj+nuAh2WtrZpkG578N9STUfyCMcYHQqvZKNfo814Su1sBi4 PgKm0duc3QGS97kLf7qmsOq2hcbi2bF4snLw/Nii25pyLLKsw2mgpqKrVCPlCI3B ic5cFGfMkJvwfakORFMeUV6oLAAY2wkm/itDPGkN/Iifsdx5SjqRa/z56k7FbOx5 y0Bt1lKJm+CJg+OcUq+qWIoZKSyqn6CjuOJmgq2UZQJlG24GUDhLNFPP/qHeA5/E vaL7kJBcshPpAIFtg8r6T07mwfA9n0c0JKrp0a3RSzk22xVn5Uy44MAWd/z7jMhR QU9UiOOJ+p8Om02td5UMv93liVB4xqA1biZ0l4LaIGIbbxDin4XZI3Ww2vWdSb8s 8famu8OFPBJ9IWjBqx6X48BscDIJVv3oYDBdfOS9LlVlGOG9sWI3/hu33Z9OOM4F r4aoxgeD7fHj5G6vgkCkJ7FSHcdiy9NsIwQcyhUu9JgHIj6UNHU= =ksmI -----END PGP SIGNATURE-----
