• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

ColdFusion 2021 connection to SQL Server over SSL

New Here ,
Mar 01, 2022 Mar 01, 2022

Copy link to clipboard

Copied

I am attempting -- unsuccessfully -- to establish SSL connectivity to SQL Server 2019 from ColdFusion 2021 Enterprise running on Tomcat 9. Tomcat itself is configured with SSL and its own separate web server certificate. I have previously been able to connect ColdFusion Standard 2016 to the SQL instance from a different server, so I'm fairly sure the SQL instance is configured properly.

 

The Java version for CF is 11.0.14 -- I have checked to make sure that Tomcat and CF are actually running this version of the JVM. I have added the root CA, the web server certificate, and the SQL Server cert to the Java keystore in cacerts for this Java instance. I have also added EncryptionMethod and other parameters to the Connection String in the datasource definition, and pointed it to the correct Java keystore with the correct password.

 

This is what I get when I try to add the datasource:

SSL socket connection could not be established because JRE 1.4 or above is required.

 

I don't understand this, because I'm running a recent edition of Java. The same thing happened with the installation default version of 11.0.11. I suspect this error message may be covering up a different issue, but I don't know what it could be. Can anybody tell me what this might mean?! Thanks!

TOPICS
Database access

Views

1.1K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 04, 2022 Mar 04, 2022

Copy link to clipboard

Copied

I can think of a problem from one of two sources:

  1. TLS version error: Does the database server use TLS v1 or TLS v1.1 perhaps? If so, then that will be the likely cause of the error. TLS versions 1.0 and 1.1 are disabled by default from Java 11.0.11 onwards. 
  2. Certificate import error: What is the full DOS command that you used to import the certificates into ColdFusion?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 04, 2022 Mar 04, 2022

Copy link to clipboard

Copied

Thanks! For Q1, it's SQL 2019, so it does support TLS 1.2 out of the box; on the OS, TLS 1.0 and 1.1 have been disabled in the registry. I went back and ran some tests, and can verify that the old protocols are really disabled.

 

For Q2 (with actual system paths and passwords redacted):

(from CMD as administrator)

 

{JAVA_HOME}\bin\keytool -importcert -alias sqlserver -file {\filepath}\mycertificate.cer -keystore {JAVA_HOME}\lib\security\cacerts -storepass mykeystorepassword -noprompt

 

{JAVA_HOME}\bin\keytool -list -alias sqlserver -keystore {JAVA_HOME}\lib\security\cacerts -storepass mykeystorepassword

 

I just tried it from a different connection, using a brand-new instance of CF 2018 Enterprise/Zulu Java 11 on a different box. Connected without any difficulty. I suspect it might have something to do with my local settings.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 05, 2022 Mar 05, 2022

Copy link to clipboard

Copied

Could you share the contents of jvm.config for the instance that is failing to connect? It might contain a TLS-relevant clue.

 

In fact, an experiment you could do is:

  1.  Make a back-up of the jvm.config file.
  2.  Use instead a copy of the jvm.config file from the instance that can connect, making the necessary environment changes.  
  3.  Restart ColdFusion.
  4.  Run a query in CF against the SQL Server 2019 database.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 14, 2022 Jun 14, 2022

Copy link to clipboard

Copied

We are having the same issue. We replaced the cert, tried accessing from 2 diffrent web servers. Still "An SSL socket connection could not be established because JRE 1.4 or above is required. We also upgraded to patch 4. Please help!!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jun 21, 2022 Jun 21, 2022

Copy link to clipboard

Copied

LATEST

Someone else reported the same issue in this very forum. And they found a solution! 🙂

 

It may be worth your while to follow the recommendations in the thread: https://community.adobe.com/t5/coldfusion-discussions/coldfusion-2021-data-source-an-ssl-socket-conn... 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation