Inspiring

Answered

ColdFusion 2021 Data Source - An SSL socket connection could not be established because JRE 1.4

Forum|Forum|3 years ago
June 7, 2022
3 replies
4463 views

I am having trouble getting the keystore to work with ColdFusion 2021. I can not seem to get past the following error:

Connection verification failed for data source: <DBName>
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]An SSL socket connection could not be established because JRE 1.4 or above is required.

I went through the same steps that worked for ColdFusion 2018.

Using the Java Home folder from JVM Details in the Settings Summary run the following.

<JavaHome>\bin\keytool -importkeystore -srckeystore C:\ColdFusion2021\jdk-11.0.15.1\lib\security\<DBServerName>.pfx -srcstoretype pkcs12 -destkeystore C:\ColdFusion2021\jdk-11.0.15.1\lib\security\<DBServerName>.keystore -deststoretype pkcs12

When filling out the Microsoft SQL Server Data Source information I use the following Connection String.

EncryptionMethod=SSL;ValidateServerCertificate=true;TrustStore=C:\ColdFusion2021\jdk-11.0.15.1\lib\security\<DBServerName>.keystore;TrustStorePassword=<Password>;HostNameInCertificate=<hostname>

Any help would be grealy appreciated.

This topic has been closed for replies.

Correct answer Brad23632070vu7s

Let's assume for the moment that the connection string is good.

Take a look at the datasource settings in the Administrator (corresponding to the connection string). Test by setting server equal to the IP of the database server.

Hi BKBK,

I set the server equal to the IP and received the original error. On that same thought I removed the TrustStore information to see if I got the timeout error as before. I got a new error.

Connection verification failed for data source: <MyDB>

java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The server name in the certificate (<HostNameInCertificate>) does not match the value specified in the hostNameInCertificate connect option (<ServerIP>).

I set the server back to the server name and it connected!

So the solution that worked for our situation is:

Using cacerts instead of a keystore and not passing the KeyStore information in the connection string.

I used the following connection string:

EncryptionMethod=SSL;ValidateServerCertificate=true;

Thanks for all your help! I was just about to give up.

BKBK

Community Expert

<JavaHome>\bin\keytool -importkeystore -srckeystore C:\ColdFusion2021\jdk-11.0.15.1\lib\security\<DBServerName>.pfx -srcstoretype pkcs12 -destkeystore C:\ColdFusion2021\jdk-11.0.15.1\lib\security\<DBServerName>.keystore -deststoretype pkcs12

By @Brad23632070vu7s

The way you import the key looks complicated. Plus, it misses a password (I think).

I expected something like:

keytool -import -alias myCertificateAlias -file "\path\to\myCertFile.cer" -keystore C:\ColdFusion2021\jdk-11.0.15.1\lib\security\cacerts -storepass myPassword

B

Brad23632070vu7sAuthor

Inspiring

Hi BKBK,

When I tried using cacerts instead of the <DBServerName>.keystore file I did change to a different import command. I used the following:

keytool -import -trustcacerts -alias <DBServerName> -file C:\ColdFusion2021\jdk-11.0.15.1\lib\security\<DBServerName>.cer -keystore cacerts

I also had to export the certificate from the Database Server as a 'cer' because the 'pfx' certificate was giving me the following error:

keytool error: java.lang.Exception: Input not an X.509 certificate

Without the password parameter I am prompted to enter the password. I removed my cacerts file and added an original back and tried the following import command:

keytool -import -alias <DBServerName> -file C:\ColdFusion2021\jdk-11.0.15.1\lib\security\<DBServerName>.cer -keystore C:\ColdFusion2021\jdk-11.0.15.1\lib\security\cacerts -storepass <MyPassword>

I used the following connection string when testing the cacerts file:

EncryptionMethod=SSL;ValidateServerCertificate=true;TrustStore=C:\ColdFusion2021\jdk-11.0.15.1\lib\security\cacerts;TrustStorePassword=<MyPassword>;

Still getting the same error.

T

TheNephalim

Known Participant

Hi BKBK,

I set the server equal to the IP and received the original error. On that same thought I removed the TrustStore information to see if I got the timeout error as before. I got a new error.

Connection verification failed for data source: <MyDB>

java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The server name in the certificate (<HostNameInCertificate>) does not match the value specified in the hostNameInCertificate connect option (<ServerIP>).

I set the server back to the server name and it connected!

So the solution that worked for our situation is:

Using cacerts instead of a keystore and not passing the KeyStore information in the connection string.

I used the following connection string:

EncryptionMethod=SSL;ValidateServerCertificate=true;

Thanks for all your help! I was just about to give up.

Were you able to discern why this is working?

I ran into a similar situation in ColdFusion 2023. I eventually got it to work. The abbreviated version of the connection string worked. I added the HostNameInCertificate and that worked as well. If I changed the hostname to something invalid, I got the error message you indicated.

I'm confused as to why this is working, though. How is it validating without knowing which TrustStore is being used and without being provided a password with which to access the TrustStore? I decided to change the password for the cacerts to see if that impacted anything and it did not. If it does use cacerts, does Java have access to the password?

BKBK

Community Expert

Instead of

TrustStore=C:\ColdFusion2021\jdk-11.0.15.1\lib\security\<DBServerName>.keystore

should it perhaps be the following instead?

TrustStore=C:\ColdFusion2021\jdk-11.0.15.1\lib\security\cacerts

B

Brad23632070vu7sAuthor

Inspiring

Hi BKBK,

I exported the certificate from the database server as a <DBServerName>.cer and imported it to C:\ColdFusion2021\jdk-11.0.15.1\lib\security\cacerts

I changed the connection string to the following.

EncryptionMethod=SSL;ValidateServerCertificate=true;TrustStore=C:\ColdFusion2021\jdk-11.0.15.1\lib\security\cacerts;TrustStorePassword=<Password>;HostNameInCertificate=<hostname>

Still receiving the same error.

BKBK

Community Expert

Hmm. What happens when you try

C:\ColdFusion2021\jre\lib\security\cacerts

Priyank Shrivastava.

Community Manager

Hi @Brad23632070vu7s

Can you please change the ValidateServerCertificate from true to false and let me know if that resolve the issue.

Thanks,Priyank Shrivastava

B

Brad23632070vu7sAuthor

Inspiring

Hi Priyank,

I updated the ValidateServerCertificate to false and received the same error.

Charlie Arehart

Community Expert

I know this is from several months ago, but Brad you say here to Priyank that setting ValidateServerCertificate=false did NOT work, but the next day you wrote in messages with bkbk that it DID work.

I know in the end you got the certs working, but I want to chime in here to note that this HAS been the solution to that "JRE 1.4" error for some folks, so if they find this thread, they should not dismiss it as a possible option. 🙂

If you or anyone seeing this may have more to say on this, I'm sure many would welcome the discussion.

/Charlie (troubleshooter, carehart. org)

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded