Help Needed w/CF10 SSL Connection String to SQL 2008

New Here ,
Sep 22, 2017 Sep 22, 2017

Copy link to clipboard

Copied

Hello,

I have an existing/working CF10-SQL 2008 DataSource that I need to make encrypted. I have added the following connection string to the advanced setting of the DSN:

EncryptionMethod=SSL; trustStore=C:/ColdFusion10/jre/bin/cacerts; trustStorePassword=PASSWORD; ValidateServerCertificate=true;

The SSL certificate for the SQL server was issued with the FQDN and resides on the SQL and ColdFusion servers and was loaded in to the CF certificate store.

When verifying the DSN, I receive the following error:

Connection verification failed for data source: TestSSLDSN

java.sql.SQLNonTransientConnectionException: [Macromedia][SQL Server JDBC Driver] SSL Handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any assistance would be greatly appreciated. Thanks!

Views

342

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Sep 26, 2017 Sep 26, 2017

Copy link to clipboard

Copied

trustStore=C:/ColdFusion10/jre/bin/cacerts;

Shouldn't that be: trustStore=C:/ColdFusion10/jre/lib/security/cacerts;

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Sep 26, 2017 Sep 26, 2017

Copy link to clipboard

Copied

Yes but I just missed it here in my post, the connection string in the DSN has the correct path.

I have validated the connection string by purposely changing the truststore and password values to confirm neither are the issue.

Thank you but that's not it. 😞

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Sep 26, 2017 Sep 26, 2017

Copy link to clipboard

Copied

What about including the flag HostNameInCertificate? I would also check that the Java versions are consistent.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 06, 2017 Oct 06, 2017

Copy link to clipboard

Copied

Ok, finally got a chance to try adding the HostNameInCertificate value identifying the full name of the SQL certificate to the CF connection string but that didn't help either.

Also, Java isn't allowed on either server; is that an issue even if I'm using the SQL Server DSN driver?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Oct 08, 2017 Oct 08, 2017

Copy link to clipboard

Copied

LATEST

The certificate check requires Java.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines