Participating Frequently
March 1, 2022
Question

ColdFusion 2021 connection to SQL Server over SSL

I am attempting -- unsuccessfully -- to establish SSL connectivity to SQL Server 2019 from ColdFusion 2021 Enterprise running on Tomcat 9. Tomcat itself is configured with SSL and its own separate web server certificate. I have previously been able to connect ColdFusion Standard 2016 to the SQL instance from a different server, so I'm fairly sure the SQL instance is configured properly.

The Java version for CF is 11.0.14 -- I have checked to make sure that Tomcat and CF are actually running this version of the JVM. I have added the root CA, the web server certificate, and the SQL Server cert to the Java keystore in cacerts for this Java instance. I have also added EncryptionMethod and other parameters to the Connection String in the datasource definition, and pointed it to the correct Java keystore with the correct password.

This is what I get when I try to add the datasource:

SSL socket connection could not be established because JRE 1.4 or above is required.

I don't understand this, because I'm running a recent edition of Java. The same thing happened with the installation default version of 11.0.11. I suspect this error message may be covering up a different issue, but I don't know what it could be. Can anybody tell me what this might mean?! Thanks!

1 reply

BKBK
Community Expert
March 4, 2022

I can think of a problem from one of two sources:

  1. TLS version error: Does the database server use TLS v1 or TLS v1.1 perhaps? If so, then that will be the likely cause of the error. TLS versions 1.0 and 1.1 are disabled by default from Java 11.0.11 onwards. 
  2. Certificate import error: What is the full DOS command that you used to import the certificates into ColdFusion?

Participating Frequently
March 4, 2022

Thanks! For Q1, it's SQL 2019, so it does support TLS 1.2 out of the box; on the OS, TLS 1.0 and 1.1 have been disabled in the registry. I went back and ran some tests, and can verify that the old protocols are really disabled.

For Q2 (with actual system paths and passwords redacted):

(from CMD as administrator)

{JAVA_HOME}\bin\keytool -importcert -alias sqlserver -file {\filepath}\mycertificate.cer -keystore {JAVA_HOME}\lib\security\cacerts -storepass mykeystorepassword -noprompt

{JAVA_HOME}\bin\keytool -list -alias sqlserver -keystore {JAVA_HOME}\lib\security\cacerts -storepass mykeystorepassword

I just tried it from a different connection, using a brand-new instance of CF 2018 Enterprise/Zulu Java 11 on a different box. Connected without any difficulty. I suspect it might have something to do with my local settings.

BKBK
Community Expert
March 5, 2022

Could you share the contents of jvm.config for the instance that is failing to connect? It might contain a TLS-relevant clue.

In fact, an experiment you could do is:

  1.  Make a back-up of the jvm.config file.
  2.  Use instead a copy of the jvm.config file from the instance that can connect, making the necessary environment changes.  
  3.  Restart ColdFusion.
  4.  Run a query in CF against the SQL Server 2019 database.
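
An added example, not part of the thread and not ColdFusion's own tooling: before swapping jvm.config files as suggested above, the two files can be compared for TLS-relevant differences with a small Python helper. It assumes jvm.config holds a `java.home=` line and a `java.args=` line of space-separated options; the list of property prefixes is a selection made for this example, and both sample configs are constructed, not the poster's.

```python
import re

# System-property prefixes that affect TLS negotiation or trust-store lookup
# (selection made for this example).
TLS_KEYS = re.compile(
    r"^(jdk\.tls\.|https\.protocols|javax\.net\.(ssl|debug)|java\.security\.)")

def parse_jvm_config(text):
    """Return (java_home, {property: value}) from jvm.config text."""
    java_home, props = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "java.home":
            java_home = value.strip()
        elif key.strip() == "java.args":
            # Assumes option values contain no spaces.
            for tok in value.split():
                if tok.startswith("-D"):
                    name, _, val = tok[2:].partition("=")
                    props[name] = val
    return java_home, props

def tls_diff(failing_text, working_text):
    """List (name, failing_value, working_value) for TLS-relevant differences."""
    f_home, f_props = parse_jvm_config(failing_text)
    w_home, w_props = parse_jvm_config(working_text)
    diffs = []
    if f_home != w_home:  # a different JRE means a different cacerts file
        diffs.append(("java.home", f_home, w_home))
    for name in sorted(set(f_props) | set(w_props)):
        if TLS_KEYS.match(name) and f_props.get(name) != w_props.get(name):
            diffs.append((name, f_props.get(name), w_props.get(name)))
    return diffs

# Constructed sample files for illustration only.
FAILING = ("java.home=C:/ColdFusion2021/jre\n"
           "java.args=-server -Xmx1024m -Djdk.tls.client.protocols=TLSv1.1 "
           "-Djavax.net.ssl.trustStore=C:/certs/old.jks "
           "-Dcoldfusion.home={application.home}\n")
WORKING = ("java.home=C:/ColdFusion2018/jre\n"
           "java.args=-server -Xmx2048m -Djdk.tls.client.protocols=TLSv1.2 "
           "-Dcoldfusion.home={application.home}\n")

if __name__ == "__main__":
    for name, failing, working in tls_diff(FAILING, WORKING):
        print(f"{name}: failing={failing!r} working={working!r}")
```

A `java.home` difference is expected between two installs; it is reported because the certificates only help if they were imported into the cacerts of the JRE that line points to.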