ColdFusion 2023: An SSL socket connection could not be established because JRE 1.4 or above required
The following connection string worked in ColdFusion 2018:
EncryptionMethod=SSL;ValidateServerCertificate=true;HostNameInCertificate=SQL-SERVER;TrustStore=e:\Java\jdk-11.0.13\lib\security\cacerts;TrustStorePassword=[mypassword]
When I attempted the connection, I got the error message: An SSL socket connection could not be established because JRE 1.4 or above required
I attempted to connect without requiring SSL, but got a different error which I resolved by adding AuthenticationMethod=NTLM.
After resolving that, I added the above to the connection string, but got the same error. I figured the issue was the fact that I have ColdFusion running on jdk-17.0.11. I went ahead and created a new truststore like we did in production and imported all three of the certificates.
Same error.
I ran across a post with similar problems where the recommendation was to use cacerts instead of a custom truststore. I imported the certificates using the following commands into the cacerts truststore:
E:\Java\jdk-17.0.11\bin\keytool -import -v -trustcacerts -cacerts -storepass [mypassword] -noprompt -alias my_root_ca -file C:\Temp\test-server-certificates\my_root_ca.crt
E:\Java\jdk-17.0.11\bin\keytool -import -v -trustcacerts -cacerts -storepass [mypassword]-noprompt -alias my_intermediate_ca -file C:\Temp\test-server-certificates\my_intermediate_ca.crt
E:\Java\jdk-17.0.11\bin\keytool -import -v -trustcacerts -cacerts -storepass [mypassword] -noprompt -alias sql-server -file C:\Temp\sql_server_certificates\sql-server.dc3n.navy.mil\sql-server.cert.crt
The connection string works:
AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=false
The following connection strings do not work:
AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=true;HostNameInCertificate=SQL-SERVER;TrustStore=E:\Java\jdk-17.0.11\lib\security\cacerts;TrustStorePassword=changeit
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]An SSL socket connection could not be established because JRE 1.4 or above is required.
AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=false;HostNameInCertificate=SQL-SERVER;TrustStore=E:\Java\jdk-17.0.11\lib\security\cacerts;TrustStorePassword=changeit
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]An SSL socket connection could not be established because JRE 1.4 or above is required.
AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=false;HostNameInCertificate=SQL-SERVER;TrustStore=E:\Java\jdk-17.0.11\lib\security\cacerts;TrustStorePassword=changeit
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]An SSL socket connection could not be established because JRE 1.4 or above is required.
AuthenticationMethod=ntlm;EncryptionMethod=SSL;ValidateServerCertificate=true
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]SSL handshake failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Any assistance you can provide is greatly appreciated because this is driving me bonkers. As you can see, I can get it to work if I don't validate the certificate, but I would prefer to do things the proper and more secure way.
AdChoices