portal entry

select a category, or use search below
(searches all categories and all time range)

CF2016/2018 Datasource SSL configuration

| View in Portal
March 08, 2019 03:10:33 PM GMT
<p>Hello, When trying to pass EncryptionMethod=SSL in datasource conenction string, we are getting the below errors: 1- ValidateCertificate=false: “Connection verification failed for data source: CDXTEST java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]SSL handshake failed: Unknown named group ID: 29 The root cause was that: java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]SSL handshake failed: Unknown named group ID: 29” 2- ValidateCertificate=true: “Connection verification failed for data source: CDXTEST java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]SSL handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested […]</p>
<p>The post <a rel="nofollow" href="https://coldfusion.adobe.com/2019/03/cf2016-2018-datasource-ssl-configuration/">CF2016/2018 Datasource SSL configuration</a> appeared first on <a rel="nofollow" href="https://coldfusion.adobe.com">ColdFusion</a>.</p>
Labels: Data Source, JDBC Connection, Question, ColdFusion, data source, jdbc connection, question


Was this after installing CF2016 Update 8/9/10? or CF2018 Update 3? If so, they updated the macromedia_drivers.jar (CF2016) and adobe_drivers.jar (CF2018) for the database drivers as part of the hotfix. A work-around from Adobe is to copy the backed-up version of the file from the hf_updates directory back into cfusion\lib. I can provide more detail if necessary.
Comment by Benjamin Reid
1911 | March 12, 2019 12:06:00 AM GMT
And if that's not it, please confirm if in step 4 you are importing the cert into the cacerts of the jvm cf is set to use--which may not be the one in cf's jre folder. Second, confirm the jvm cf is using. Both are shown in the cf admin settings summary page, in its jvm section.
Comment by Charlie Arehart
1912 | March 12, 2019 01:27:51 AM GMT
DataSource SSL Encryption broken with CF2016 Update 8/9/10 and CF2018 Update 3:<a href="https://tracker.adobe.com/#/view/CF-4204087" rel="nofollow">https://tracker.adobe.com/#/view/CF-4204087</a>
Comment by Benjamin Reid
1914 | March 12, 2019 07:41:09 AM GMT
Is there anyway to get the original adobe_drivers.jar file?  We just moved from CF11 to CF2018 Update 3.   The installer includes Update 2 which has the same adobe_drivers.jar file as Update 3.  The one in the hf_updates folder is the same one as in the cfusion\lib folder, but we tried it anyways. Our issue is actually with an LDAPS connection to a server that presents a wildcard certificate.  Everything is still working fine on our CF11 server and we've tried everything with the cacerts file, including pointing CF2018 to the Java 8 and cacerts file we're using with CF11.
2045 | May 09, 2019 06:24:08 PM GMT
<p>George, I realize you’re scrambling to find a solution, but you’re reaching here, in wondering if this post and its proposed solution would relate to your problem. The adobe_drivers.jar relates only to datasources, not ldap calls.</p><p>I hear you saying you have “tried everything”, which is what leaves you grasping at straws. But maybe you have missed something. It would be hard to go over here (in the blog comments) all the things you should check–plus, since it’s off-topic, it would be inappropriate here.</p><p>You can help that perhaps someone from Adobe would reach out to help, and they may, but if you need to get this resolved sooner, I will just propose that helping solve that kind of problem is what I do all day each day with CF folks, via a remote screenshare. You can learn more about my approach, rates, satisfaction guarantee, and more at <a href="https://www.carehart.org/consulting" rel="nofollow">https://www.carehart.org/consulting</a>. We might solve this in as little as 15 mins (zeroing in on the problem, as we assess and rule out various things). Totally your call.</p>
Comment by Charlie Arehart
2047 | May 10, 2019 02:50:38 PM GMT
Charlie,   Thanks for the response and information.   I noticed a couple LDAP related classes when I ran "jar -tf adobe_drivers.jar" so I was hopeful it was the same problem.  Unfortunately due to our environment we'd probably be on ColdFusion 2020 before I got through all the hoops to get support from Carehart, but I will keep it in mind.
2052 | May 14, 2019 12:21:41 PM GMT