After the 14.4 to 14.5 upgrade, problem has been found with a problem with custom java connector.
search cancel

After the 14.4 to 14.5 upgrade, problem has been found with a problem with custom java connector.

book

Article ID: 369910

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

Post the upgrade from v14.4 to v14.5, there is a problem with custom java connector. This custom java connector is using JDBC to connect to an MS SQL database.
Following error message is seen when opening the endpoint properties in Provisioning Manager and when testing connection in Connector Xpress:

ERROR  - com.ca.jcs.jdbc.JDBCMetaConnector: XXX: eager JDBC connection problem org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

Environment

Identity Manager v14.5 (Standalone)

Cause

JDBC v11.2 (mssql-jdbc-11.2.0) in Identity Manager 14.5

Resolution

In Identity Manager v14.5, JDBC driver has been upgraded to version v11.2 (mssql-jdbc-11.2.0). Microsoft SQL JDBC driver (mssql-jdbc-11.2.0) enables TLS 
encryption by default. This behavioral change has no impact on a fresh and upgraded deployment of the driver as IAM Connector Server internally handles this change by passing encrypt=false;trustServerCertificate=true in the JDBC connection URL for non-TLS communication.

However, in case of an endpoint, this change requires that you manually add encrypt=false;trustServerCertificate=true for non-SSL in the JDBC URL connection information for a newly acquired or an already acquired Microsoft SQL endpoint in the Identity Manager User Console.

Additional Information

Powered by Wolken Software