I have an existing/working CF10-SQL 2008 DataSource that I need to make encrypted. I have added the following connection string to the advanced setting of the DSN:
EncryptionMethod=SSL; trustStore=C:/ColdFusion10/jre/bin/cacerts; trustStorePassword=PASSWORD; ValidateServerCertificate=true;
The SSL certificate for the SQL server was issued with the FQDN and resides on the SQL and ColdFusion servers and was loaded in to the CF certificate store.
When verifying the DSN, I receive the following error:
Connection verification failed for data source: TestSSLDSN
java.sql.SQLNonTransientConnectionException: [Macromedia][SQL Server JDBC Driver] SSL Handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Any assistance would be greatly appreciated. Thanks!
Shouldn't that be: trustStore=C:/ColdFusion10/jre/lib/security/cacerts;
Yes but I just missed it here in my post, the connection string in the DSN has the correct path.
I have validated the connection string by purposely changing the truststore and password values to confirm neither are the issue.
Thank you but that's not it. 😞
What about including the flag HostNameInCertificate? I would also check that the Java versions are consistent.
Ok, finally got a chance to try adding the HostNameInCertificate value identifying the full name of the SQL certificate to the CF connection string but that didn't help either.
Also, Java isn't allowed on either server; is that an issue even if I'm using the SQL Server DSN driver?
The certificate check requires Java.