Highlighted

Help Needed w/CF10 SSL Connection String to SQL 2008

New Here ,
Sep 22, 2017

Copy link to clipboard

Copied

Hello,

I have an existing/working CF10-SQL 2008 DataSource that I need to make encrypted. I have added the following connection string to the advanced setting of the DSN:

EncryptionMethod=SSL; trustStore=C:/ColdFusion10/jre/bin/cacerts; trustStorePassword=PASSWORD; ValidateServerCertificate=true;

The SSL certificate for the SQL server was issued with the FQDN and resides on the SQL and ColdFusion servers and was loaded in to the CF certificate store.

When verifying the DSN, I receive the following error:

Connection verification failed for data source: TestSSLDSN

java.sql.SQLNonTransientConnectionException: [Macromedia][SQL Server JDBC Driver] SSL Handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any assistance would be greatly appreciated. Thanks!

Views

322

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Help Needed w/CF10 SSL Connection String to SQL 2008

New Here ,
Sep 22, 2017

Copy link to clipboard

Copied

Hello,

I have an existing/working CF10-SQL 2008 DataSource that I need to make encrypted. I have added the following connection string to the advanced setting of the DSN:

EncryptionMethod=SSL; trustStore=C:/ColdFusion10/jre/bin/cacerts; trustStorePassword=PASSWORD; ValidateServerCertificate=true;

The SSL certificate for the SQL server was issued with the FQDN and resides on the SQL and ColdFusion servers and was loaded in to the CF certificate store.

When verifying the DSN, I receive the following error:

Connection verification failed for data source: TestSSLDSN

java.sql.SQLNonTransientConnectionException: [Macromedia][SQL Server JDBC Driver] SSL Handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any assistance would be greatly appreciated. Thanks!

Views

323

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Sep 22, 2017 0
Adobe Community Professional ,
Sep 26, 2017

Copy link to clipboard

Copied

trustStore=C:/ColdFusion10/jre/bin/cacerts;

Shouldn't that be: trustStore=C:/ColdFusion10/jre/lib/security/cacerts;

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 26, 2017 0
New Here ,
Sep 26, 2017

Copy link to clipboard

Copied

Yes but I just missed it here in my post, the connection string in the DSN has the correct path.

I have validated the connection string by purposely changing the truststore and password values to confirm neither are the issue.

Thank you but that's not it. 😞

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 26, 2017 0
Adobe Community Professional ,
Sep 26, 2017

Copy link to clipboard

Copied

What about including the flag HostNameInCertificate? I would also check that the Java versions are consistent.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 26, 2017 0
New Here ,
Oct 06, 2017

Copy link to clipboard

Copied

Ok, finally got a chance to try adding the HostNameInCertificate value identifying the full name of the SQL certificate to the CF connection string but that didn't help either.

Also, Java isn't allowed on either server; is that an issue even if I'm using the SQL Server DSN driver?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 06, 2017 0
BKBK LATEST
Adobe Community Professional ,
Oct 08, 2017

Copy link to clipboard

Copied

The certificate check requires Java.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 08, 2017 0