• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

ColdFusion 2023: An SSL socket connection could not be established because JRE 1.4 or above required

Explorer ,
Jul 10, 2024 Jul 10, 2024

Copy link to clipboard

Copied

The following connection string worked in ColdFusion 2018:

 

EncryptionMethod=SSL;ValidateServerCertificate=true;HostNameInCertificate=SQL-SERVER;TrustStore=e:\Java\jdk-11.0.13\lib\security\cacerts;TrustStorePassword=[mypassword]

 

When I attempted the connection, I got the error message:  An SSL socket connection could not be established because JRE 1.4 or above required

 

I attempted to connect without requiring SSL, but got a different error which I resolved by adding AuthenticationMethod=NTLM.

 

After resolving that, I added the above to the connection string, but got the same error.  I figured the issue was the fact that I have ColdFusion running on jdk-17.0.11.  I went ahead and created a new truststore like we did in production and imported all three of the certificates.  

 

Same error.

 

I ran across a post with similar problems where the recommendation was to use cacerts instead of a custom truststore.  I imported the certificates using the following commands into the cacerts truststore:

 

E:\Java\jdk-17.0.11\bin\keytool -import -v -trustcacerts -cacerts -storepass [mypassword] -noprompt -alias my_root_ca -file C:\Temp\test-server-certificates\my_root_ca.crt


E:\Java\jdk-17.0.11\bin\keytool -import -v -trustcacerts -cacerts -storepass [mypassword]-noprompt -alias my_intermediate_ca -file C:\Temp\test-server-certificates\my_intermediate_ca.crt


E:\Java\jdk-17.0.11\bin\keytool -import -v -trustcacerts -cacerts -storepass [mypassword] -noprompt -alias sql-server -file C:\Temp\sql_server_certificates\sql-server.dc3n.navy.mil\sql-server.cert.crt

The connection string works:

 

AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=false

 

The following connection strings do not work:

 

AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=true;HostNameInCertificate=SQL-SERVER;TrustStore=E:\Java\jdk-17.0.11\lib\security\cacerts;TrustStorePassword=changeit


java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]An SSL socket connection could not be established because JRE 1.4 or above is required.

 

AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=false;HostNameInCertificate=SQL-SERVER;TrustStore=E:\Java\jdk-17.0.11\lib\security\cacerts;TrustStorePassword=changeit


java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]An SSL socket connection could not be established because JRE 1.4 or above is required.

 

AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=false;HostNameInCertificate=SQL-SERVER;TrustStore=E:\Java\jdk-17.0.11\lib\security\cacerts;TrustStorePassword=changeit


java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]An SSL socket connection could not be established because JRE 1.4 or above is required.

 

AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=true


java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]SSL handshake failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

 

Any assistance you can provide is greatly appreciated because this is driving me bonkers.  As you can see, I can get it to work if I don't validate the certificate, but I would prefer to do things the proper and more secure way.

TOPICS
Database access , Security , Server administration

Views

107

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jul 10, 2024 Jul 10, 2024

Copy link to clipboard

Copied

LATEST

After importing the certificates, I did restart the ColdFusion service.

I tried the different combinations of the connection strings and they appeared not to work.  However, I just went back in and tried the following:

 

AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=true;

 

It worked.  

 

When you add the references to the hostname, the truststore path, and the truststore password, it bombs out.

 

Does anyone understand why the abbreviated form works and specifying the aforementioned parameters makes it throw an error?

 

How is it validating the certificate if it doesn't have a TrustStore and no password with which to access it?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation