CF2016/2018 Datasource SSL configuration

March 8, 2019

Hello,

When trying to pass EncryptionMethod=SSL in the datasource connection string, we are getting the errors below:

1- ValidateCertificate=false:

“Connection verification failed for data source: CDXTEST
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]SSL handshake failed: Unknown named group ID: 29
The root cause was that: java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]SSL handshake failed: Unknown named group ID: 29”

2- ValidateCertificate=true:

“Connection verification failed for data source: CDXTEST
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]SSL handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The root cause was that: java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]SSL handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”

Below are the steps done to enable SSL:

1- Create a self-signed certificate on the MSSQL server (Windows Server 2016)

2- Grant the MSSQL service account read privileges on the certificate

3- Configure MSSQL to use the certificate using MSSQL Configuration Manager by pointing it to the created certificate, and restart the MSSQL service.

4- Copy the certificate to the ColdFusion server and import it into the keystore

5- Restart the ColdFusion service and verify the datasource. Connection string set to:

EncryptionMethod=SSL;TrustStore=C:\ColdFusion2018\jre\lib\security\sqlstore.jks;TrustStorePassword=xxxxxxx;ValidateServerCertificate=true;HostNameInCertificate=xxxxxxxx

Would you please advise if there is anything missing that must be done to solve the issue?

P.S.: the issue is occurring on both versions, CF 2016 and 2018.

Thank you

Comments (3)
2019-03-12 07:41:09

DataSource SSL Encryption broken with CF2016 Update 8/9/10 and CF2018 Update 3: https://tracker.adobe.com/#/view/CF-4204087

2019-03-12 01:27:51

And if that’s not it, please confirm whether in step 4 you are importing the cert into the cacerts of the JVM CF is set to use, which may not be the one in CF’s jre folder.

Second, confirm the JVM CF is using.

Both are shown in the CF admin settings summary page, in its JVM section.

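One way to run the check suggested in the comment above, as an added example that is not part of the original thread or of ColdFusion: it loads the truststore named in the `TrustStore=` option and reports whether the exported SQL Server certificate is one of its trusted entries. The class name `TrustStoreCheck` and its three arguments are hypothetical, and it assumes the self-signed certificate from step 1 has been exported to a `.cer` file.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added example, not from the thread. Class name and arguments are hypothetical.
// Usage: java TrustStoreCheck <truststore.jks> <store password> <server certificate .cer>
public class TrustStoreCheck {

    // Hex SHA-256 fingerprint, to compare with the certificate installed on the SQL Server host.
    static String fingerprint(X509Certificate cert) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TrustStoreCheck <truststore> <password> <server.cer>");
            System.exit(2);
        }
        // Only meaningful when launched with the java binary of the JVM ColdFusion uses.
        System.out.println("java.home       : " + System.getProperty("java.home"));

        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, args[1].toCharArray());
        }
        X509Certificate server;
        try (InputStream in = new FileInputStream(args[2])) {
            server = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Subject and SANs are what HostNameInCertificate has to match.
        System.out.println("subject         : " + server.getSubjectX500Principal().getName());
        Collection<List<?>> sans = server.getSubjectAlternativeNames(); // null when absent
        System.out.println("subjectAltNames : " + (sans == null ? "(none)" : sans));
        System.out.println("SHA-256         : " + fingerprint(server));

        // A self-signed certificate validates only if this exact certificate is a trusted entry.
        String alias = store.getCertificateAlias(server);
        System.out.println(alias == null
                ? "NOT in truststore (" + store.size() + " entries): expect 'PKIX path building failed'"
                : "found in truststore under alias '" + alias + "'");
        System.exit(alias == null ? 1 : 0);
    }
}
```

Run it with the `java` executable from the JVM path shown on the CF admin settings summary page, so that `java.home` reflects the JVM ColdFusion actually uses.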
2019-03-12 00:06:00

Was this after installing CF2016 Update 8/9/10? or CF2018 Update 3?

If so, they updated the macromedia_drivers.jar (CF2016) and adobe_drivers.jar (CF2018) for the database drivers as part of the hotfix.

A work-around from Adobe is to copy the backed-up version of the file from the hf_updates directory back into cfusion\lib.

I can provide more detail if necessary.
