PKIX path building failed

[Marco]

Here's an interesting problem accessing Microsoft SQL Server with Build 127's console interface. Java 11 on CentOS-8. Microsoft's latest greatest JDBC driver.

When I try to connect to the SQL Server (WbConnect -profile=myProfile) I get this error:

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId: blahblah [SQL State=08S01]

Often resolving PKIX error involves installing the server's self-signed cert to Java's cacerts file. But here's the rub: I have a Groovy program on the same platform that connects to and works with the SQL Server's data (gets its connection via groovy.sql.Sql.newInstance). The Groovy program runs on top of the same Java 11 runtime and therefore (should) use the same cacerts file.

Still working on this. Sure would like to take advantage of SQL Workbench/J's WbCopy program to move some ginormous tables to postgres!

cheers, Marco

[Thomas Kellerer]

I have never used SSL encryption with the SQL Server Driver, but the documentation suggests that the certificate information can be specified per connection:

https://docs.microsoft.com/en-us/sql/connect/jdbc/setting-the-connection-properties?view=sql-server-ver15

If I understand that correctly, this can either be set in the URL or you can use the "Extended Properties" of the connection profile to provide the key/value pairs.

This also seems to be working for e.g. DBEaver (which is also Java based): https://github.com/dbeaver/dbeaver/issues/9573#issuecomment-702907750

Regards
Thomas