iXP does not connect to AutoSys over SQL Server database
search cancel

iXP does not connect to AutoSys over SQL Server database

book

Article ID: 407792

calendar_today

Updated On:

Products

CA Workload Automation iXP

Issue/Introduction

iXPDaemon.log has errors like this:

 

08-18 02:44:48:   db-S21:com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: The security certificate has not been accepted from: CN: Example Server, O=Example.com, C=US. ClientConnectionId:##################
08-18 02:44:48:   db-S21:at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:4026)
08-18 02:44:48:   db-S21:at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1954)
08-18 02:44:48:   db-S21:at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:3552)
08-18 02:44:48:   db-S21:at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:3172)
08-18 02:44:48:   db-S21:at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:3014)
08-18 02:44:48:   db-S21:at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1836)
08-18 02:44:48:   db-S21:at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1246)
08-18 02:44:48:   db-S21:at java.sql.DriverManager.getConnection(DriverManager.java:664)
08-18 02:44:48:   db-S21:at java.sql.DriverManager.getConnection(DriverManager.java:208)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.db.DbConnector.getPhysicalConnectionY(DbConnector.java:624)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.db.DbConnector.access$000(DbConnector.java:54)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.db.DbConnector$1.run(DbConnector.java:435)
08-18 02:44:48:   db-S21:Caused by: javax.net.ssl.SSLHandshakeException: The security certificate has not been accepted from: CN: Example Server, O=Example.com, C=US
08-18 02:44:48:   db-S21:at sun.security.ssl.Alert.createSSLException(Alert.java:131)
08-18 02:44:48:   db-S21:at sun.security.ssl.TransportContext.fatal(TransportContext.java:331)
08-18 02:44:48:   db-S21:at sun.security.ssl.TransportContext.fatal(TransportContext.java:274)
08-18 02:44:48:   db-S21:at sun.security.ssl.TransportContext.fatal(TransportContext.java:269)
08-18 02:44:48:   db-S21:at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
08-18 02:44:48:   db-S21:at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
08-18 02:44:48:   db-S21:at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
08-18 02:44:48:   db-S21:at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
08-18 02:44:48:   db-S21:at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
08-18 02:44:48:   db-S21:at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
08-18 02:44:48:   db-S21:at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
08-18 02:44:48:   db-S21:at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
08-18 02:44:48:   db-S21:at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1397)
08-18 02:44:48:   db-S21:at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1305)
08-18 02:44:48:   db-S21:at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
08-18 02:44:48:   db-S21:at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1843)
08-18 02:44:48:   db-S21:... 10 more
08-18 02:44:48:   db-S21:Caused by: java.security.cert.CertificateException: The security certificate has not been accepted from: CN: Example Server, O=Example.com, C=US
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.ldap.ssl.cert.NotTrustedCertificateVerifier.promptForAcceptingCertificate(NotTrustedCertificateVerifier.java:78)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.ldap.ssl.cert.NotTrustedCertificateVerifier.access$000(NotTrustedCertificateVerifier.java:37)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.ldap.ssl.cert.NotTrustedCertificateVerifier$1.accept(NotTrustedCertificateVerifier.java:58)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.ldap.ssl.cert.CertificateVerifierHelper.checkIfNotTrustedCertificate(CertificateVerifierHelper.java:112)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.ldap.ssl.cert.NotTrustedCertificateVerifier.accept(NotTrustedCertificateVerifier.java:55)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.ldap.ssl.cert.MultipleCertificateVerifier.revalidateCertificate(MultipleCertificateVerifier.java:83)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.ldap.ssl.cert.MultipleCertificateVerifier.accept(MultipleCertificateVerifier.java:62)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.ldap.ssl.SSLTrustManager.verifyCertificates(SSLTrustManager.java:77)
08-18 02:44:48:   db-S21:at com.pgti.ixp.core.ldap.ssl.SSLTrustManager.checkServerTrusted(SSLTrustManager.java:101)
08-18 02:44:48:   db-S21:at com.microsoft.sqlserver.jdbc.HostNameOverrideX509TrustManager.checkServerTrusted(SQLServerTrustManager.java:88)
08-18 02:44:48:   db-S21:at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1258)
08-18 02:44:48:   db-S21:at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
08-18 02:44:48:   db-S21:... 21 more
08-18 02:44:48:   db-S21:com.pgti.ixp.core.exception.IxpException:"encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: The security certificate has not been accepted from: CN: Example Server, O=Example.com, C=US. ClientConnectionId::##################
08-18 02:44:48:      S21:meta types loaded:5318ms
08-18 02:44:48:      S21:connecting:primary
08-18 02:44:48:   db-S21:connecting:jdbc:sqlserver://sqlserver.example.com:1433;databaseName=AutoSys
08-18 02:44:48:   db-S21:The validation of security certificate has failed. Reason: No trusted certificate found
08-18 02:44:48:   db-S21:Security certificate received:

Cause

SQL Server encryption is set to true, but the client side JDBC connection is not set to accept SSL certificate

Resolution

  • In the file <instance>.conf, locate the JDBC URL being used, example:

IXP_INSTANCE_PRIMARY_URL=jdbc:sqlserver://sqlserver.example.com:1433;databaseName=AutoSys

 

  • Change the above to look like:

IXP_INSTANCE_PRIMARY_URL=jdbc:sqlserver://sqlserver.example.com:1433;databaseName=AutoSys;encrypt=true;trustServerCertificate=true

 

  • Save the file and restart iXP
Powered by Wolken Software