Hi Brian,
In my understanding of more recent versions of Java and the SQL server JDBC drivers, it tries to encrypt connections by default and looks for a trusted CA certificate .
SQL server has a fall back default “Server certificate” when a Certificate from an Official Certificate Authority is not installed.
The default option of the JDBC driver is not to trust the fall-back Server certificate (is this certificate not analogous to a self-signed SSL certificate?).
This is giving the error you are see:
“
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
”
You have 2 options(based on a web search):
1. Request and Install a Server Certificate for your SQL server Instance from a recognised Certificate Authority
which should then provide a SSL/TLS connection using a certificate from a trusted Certificate Authority.
2. In your database connection attributes you add an additional “connectionProperty” element to tell java to trust the SQL Server default server certificate. e.g. under the <driverName>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver>
Add the following line:
<connectionProperty name="TrustServerCertificate">true</connectionProperty>
The general advice is that option one is more secure, although you need to research and assess for your environment.
In your scenario It sounds like the connection from your ERDDAP instance is connecting to a local instance of SQL express so isn’t traversing a network, so option 2 might be fine, but again you need to evaluate this for your usage scenario and environment.
Best regards
Damian
From: erd...@googlegroups.com <erd...@googlegroups.com>
On Behalf Of Brian O'Neill
Sent: Monday 13 May 2024 12:01
To: ERDDAP <erd...@googlegroups.com>
Subject: [ERDDAP] Upgrade In Windows
You don't often get email from bonei...@gmail.com. Learn why this is important |
--
You received this message because you are subscribed to the Google Groups "ERDDAP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
erddap+un...@googlegroups.com.
To view this discussion on the web, visit
https://groups.google.com/d/msgid/erddap/bed2a6cd-b125-4d3f-8534-e5112da5d3f4n%40googlegroups.com.