I am trying to configure a connection to Microsoft SQL server through wso2 API manager. I have added the database connection in the deployment.toml file and added the JDBC driver. I getting the following error when running APIM:
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver
could not establish a secure connection to SQL Server by using Secure
Sockets Layer (SSL) encryption. Error: "PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target".
ClientConnectionId:47e27af8-eb0d-429b-be14-5499b46f69db
I am able to run APIM to get the Urls, but it does not load on the web browser.
below is the database configuration:
[database.apim_db]
type = "mssql"
url = "jdbc:sqlserver://ip\\test:port;databaseName=WSO2AM_DB;SendStringParametersAsUnicode=false"
username = "username"
password = "password"
[database.shared_db]
type = "mssql"
url = "jdbc:sqlserver://ip\\test:port;databaseName=WSO2SHARED_DB;SendStringParametersAsUnicode=false"
username = "username"
password = "password"
Any help will be much appreciated as I am new to this. :)
The error indicates that you are missing the MSSQL certificate in the client's trustore. Hence try importing the MSSQL Public certificate to WSO2 trustore. Take a look at this document for more details.
keytool -import -alias <alias> -keystore $IS_HOME/repository/resources/security/client-trustore.jks -file mssql.cer
Also you can try disabling SSL verification(not recommended) by adding the following properties to the connection URL.
encrypt=false;trustServerCertificate=false;
Related
I want to add a database (Microsoft SQL) to the website I'm working on, using Cold Fusion Administrator (latest version).
After entering all needed data, I got the issue:
Connection verification failed for data source: dbKantine
java.sql.SQLException: The sqlserver package is not installed. You can install the package through the CLI package manager (C:/Users/MYNAME/.CommandBox/server/C1EA019F5A81794693D0EA837C1622B4-PROJECTNAME/adobe-2021.0.2.328618/WEB-INF/cfusion/bin/cfpm.bat) by running the command : install sqlserver.
I tried to execute the *.bat file mentioned, but nothing happened.
I also tried install sqlserver in the CommandBox, but it says:
Error getting ForgeBox entry [sqlserver]
The entry slug sent is invalid or does not exist
EDIT:
I got it installed using cfpm.sh and wrote there "install sqlserver".
But now it tells me this inside of Cold Fusion Administrator:
Connection verification failed for data source: MYDB
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]An SSL socket connection could not be established because JRE 1.4 or above is required.
EDIT 2:
I setup everything again with ColdFusion 2018 (as I'm learning CF 2018 currently).
Now I get the issue:
Connection verification failed for data source: MYDB
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer
JDBC Driver]The SQL Server login requires an SSL connection. The root
cause was that: java.sql.SQLNonTransientConnectionException:
[Macromedia][SQLServer JDBC Driver]The SQL Server login requires an
SSL connection.
What I tried:
I created a *.keystore file and a *.cer file.
I followed this (https://usermanual.wiki/adobe/CF11Configen.762142204/html#pf2f) instruction and tried to add the keystore file to the CF Administrator:
According to Data Source Management for ColdFusion > Enabling SSL Connection what you need is a truststore. The JVM used by ColdFusion already has a default truststore configured, typically jre\lib\security\cacerts, so no need to create one. Though depending on the server certificate, it may need to be imported into the truststore. The "Enable RMI Over SSL For Data Management" setting isn't relevant. It's for Flex Integration, not datasources.
Do the following to enable SSL connection:
In the ColdFusion Administrator, go to Data & Services > Data Sources.
Select the data source to enable SSL Connection.
In the data source page, click Show Advanced Settings.
In the Connection String text box, specify the connection properties as per the SSL requirements.
The relevant SQL Server SSL connection settings are:
EncryptionMethod - Values are noEncryption and SSL
TrustStore - The (full path) of the truststore file
TrustStorePassword - The password to access the truststore file
ValidateServerCertificate - Determines whether the driver validates the certificate sent by the database, true or false.
server
HostNameInCertificate - Host name for certificate validation. (Either a literal string "host_name" or #SERVERNAME#)
Sample connection string to enable SSL and validate the server certificate:
EncryptionMethod=SSL;ValidateServerCertificate=true;HostNameInCertificate=YourServerName;TrustStore=C:\commandbox\openjdk11\jre\lib\security\cacerts;TrustStorePassword=ThePassword
Sample connection string to enable SSL without validating the server certificate:
EncryptionMethod=SSL;ValidateServerCertificate=false;TrustStore=C:\commandbox\openjdk11\jre\lib\security\cacerts;TrustStorePassword=ThePassword
I have a SQL Server (which is a Google cloud SQL Server). The connection with it needs to be ssl encrypted and authenticated with a username and password.
I can get the .pem file for the ssl certificate :
I also have the username, password, and ip of the server. In the SqlClient connection string syntax I was able to find the flags defining the username (uid), password (pwd) and ip (Data Source). But I can't find how to place the .pem file.
Does the .pem file not belong in the connection string? If so, how do I use it ?
Thanks,
nimrod
Edit: I tried opening the connection with trustServerCertificate=true, but still got error: 40 - Could not open a connection to SQL Server.
Solution:
The SSL wasn't the issue. Adding the TrustServerCertificate and Encrypt flags should have allowed SSL. With these flags the client just accepts any certificate from the sever, and proceeds with the SSL handshake.
My issue was that I didn't add the client network to the trusted networks list for the cloud SQL. This is apparently a requirement even though the cloud SQL is set to us a public IP. I added the 0.0.0.0/0 network as trusted, and the connection worked.
Does the .pem file not belong in the connection string?
No.
The client demands protocol encryption using the Encrypt connection string option. If the server's certificate is not trusted by the client, you either need to install the certificate on the client or opt to TrustServerCertificate in the connection string.
I am using the following Database URL in DB Visualizer to connect to snowflake using Azure AD authentication
jdbc:snowflake://accountname.snowflakecomputing.com/?authenticator=externalbrowser&warehouse=xxxxx_WH&db=xxx_db&schema=xxxx_schema
I am getting the following error : JDBC driver encountered communication error. Message: Exception encountered for HTTP request: sun.security.validator.ValidatorException: No trusted certificate found.
This error is usually indicating that the jvm can't find the necessary certificates. You can refer to the following link for further troubleshooting:
https://community.snowflake.com/s/question/0D50Z00009LHQMSSA5/how-do-i-resolve-no-trusted-certificate-found-error-when-connecting-to-snowflake-via-jdbc-driver-in-java
See if you can export JAVA_HOME to match the jdk installation where your cacerts is located. It is usually located under <JAVA_HOME>/lib/security/cacerts.
-pd
I am having trouble accessing my SQL Server database using Kerberos with a JDBC connection. Note I'm running Linux with Spark version 2.2.0.
I am not specifying anything related to kerberos tickets in my spark_connect, as I've heard rstudio server pro may have an overlapping capability, though I am not sure if it applies to this.
My connection looks like:
table <- sparklyr::spark_read_jdbc(
sc,
"AMI_DATA_STAG_RES",
options = c(list(
url = paste0("jdbc:sqlserver://", <MY SERVER>),
databaseName = "fun_db",
dbtable = "fun_tbl",
driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver",
integratedSecurity = "true",
authenticationScheme = "JavaKerberos"))
)
The error I get is:
Error: com.microsoft.sqlserver.jdbc.SQLServerException:
Kerberos Login failed: Integrated authentication failed.
ClientConnectionId:878fa848-91cb-4d78-bd48-6dad88b1e401
due to javax.security.auth.login.LoginException
(Cannot get any of properties: [user, USER] from con properties not available to garner authentication information from the user)
I've read solutions on the internet, but I'm not sure what applies to windows and what will work with my Rstudio Server set-up on Redhat.
Any help appreciated. I'm pretty new to the wonderful world of Kerberos.
EDIT: I've updated my spellings (thanks!) and pasted in the new error. If I add into the connection string my username and password then I think it does work, but I want to avoid having to paste in my password.
Adding in just my username yields the error:
Error: com.microsoft.sqlserver.jdbc.SQLServerException: Cannot login with Kerberos principal dzafar, check your credentials. Kerberos Login failed: Integrated authentication failed. ClientConnectionId:543c9b44-e1e0-4fe8-8510-235a21be2845 due to javax.security.auth.login.LoginException (Cannot get any of properties: [password, PASSWORD] from con properties not available to garner authentication information from the user)
I'm unable to connect to a local SQL Server with jdbc. This server is authenticated by Windows Authentication. One thing to mention is that I successfully connected to a remote SQL Server with SQL Server Authentication.
My code:
String url = "jdbc:sqlserver://localhost\\SQLEXPRESS;integratedSecurity=true;databaseName=TP3S;";
String driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver";
Connection conn = DriverManager.getConnection(url);
I have enabled TCP/IP:
Any ideas? Thanks!
--UPDATE--
I have just started SQL Server Browser, now I'm getting the error:
WARNING: Failed to load the sqljdbc_auth.dll cause : no sqljdbc_auth in java.library.path
com.microsoft.sqlserver.jdbc.SQLServerException: This driver is not configured for integrated authentication.
--UPDATE--
I solved the previous problem by adding -Djava.library.path="DLL path" in Run->Run configuration->Apache Tomcat->Arguments. But now I'm getting this error:
com.microsoft.sqlserver.jdbc.SQLServerException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
Under TCP/IP you can enable by IP address. Check if IPs are enabled.