External Connection to MSSQL is not working in 16.0.3 after the driver change
search cancel

External Connection to MSSQL is not working in 16.0.3 after the driver change

book

Article ID: 258760

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

FATAL 2022-11-30 09:04:46,627 [Custom script execution pool-10-thread-9] union.persistence (clarity:XXXXXXX:none:none) Failed to initialize Context properties
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:f9fb904c-fc1e-477c-96c4-01cb3228719c
 at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3680)
 at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:2113)
 at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:3204)
 at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2833)
 at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:2671)
 at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1640)
 at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:936)
 at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:347)
 at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:228)
 at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:764)
 at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:692)
 at org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:198)
 at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:134)
 at com.niku.union.persistence.connection.ApacheContext.getConnection(ApacheContext.java:243)
 at com.niku.union.persistence.connection.ApacheContext.getConnection(ApacheContext.java:207)
 at com.niku.union.persistence.connection.ConnectionContext.initializeContextProperties(ConnectionContext.java:738)
 at com.niku.union.persistence.connection.ConnectionContext.getContext(ConnectionContext.java:370)
 at com.niku.union.gel.tags.SetDataSourceTag.doTag(SetDataSourceTag.java:49)
 at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:248)
 at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:96)
 at org.apache.commons.jelly.TagSupport.invokeBody(TagSupport.java:187)
 at com.niku.union.gel.tags.ScriptTag.doTag(ScriptTag.java:20)
 at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:248)
 at com.niku.union.gel.GELScript.run(GELScript.java:58)
 at com.niku.union.gel.GELController.invoke(GELController.java:79)
 at com.niku.bpm.services.ExecuteCustomAction.run(ExecuteCustomAction.java:217)
 at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
 at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
 at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
 at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
 at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
 at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
 at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642)
 at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)
 at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)
 at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
 at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
 at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
 at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
 at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
 at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
 at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
 at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
 at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:2021)
 ... 27 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
 at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
 at java.base/sun.security.validator.Validator.validate(Validator.java:264)
 at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:321)
 at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
 at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:110)
 at com.microsoft.sqlserver.jdbc.TDSChannel$HostNameOverrideX509TrustManager.checkServerTrusted(IOBuffer.java:1702)
 at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1509)
 at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:626)
 ... 38 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
 at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
 at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
 at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
 ... 46 more

Environment

Release : 16.0.3

Resolution

Append "encrypt=true;trustServerCertificate=true;" to the connection string to resolve the issue.

Reference :- https://learn.microsoft.com/en-us/sql/connect/jdbc/connecting-with-ssl-encryption?view=sql-server-ver16 

Powered by Wolken Software