Skip to main content

Error: No Trusted Certificate Found - Snowflake JDBC Connection

Tylor Graves
Updated

Applies to: 

  • Liquibase Pro
  • Liquibase Open Source (Community)

Conditions:

Issue Summary:

When Liquibase attempts to establish a connection to the database, an error message about no trusted certificates being found occurs, which prevents Liquibase from establishing a database connection.

This error needs to be resolved for Liquibase to deploy any changes to the Snowflake database.

Error Message:

Unexpected error running Liquibase: Connection could not be create to jdbc:snowflake:// with driver net.snowflake.client.jdbc.SnowflakeDriver. JDBC driver encountered communication error. Message: Exception encountered for HTTP request: No trusted certificate found.

Root Cause:

There are two established root causes for this issue, the first being the main cause most of the time.

  1. The firewall/proxy is not allowing the connection or is modifying/not including the Java certificate.
  2. The default Trustore has been overwritten 

Resolution:

Ensure that the trust store is not being overwritten

By default, the keystone file is name cacerts. Check either the environment JAVA_OPTS or the JAVA_OPTS being passed into Liqubiase directly to check if the default trust store is pointing to a different keystore.

The cacerts file is located in the lib/security directory within your Java Runtime Environment (JRE) or Java Development Kit (JDK) installation. The exact path with vary depending on the installation. 

Add the snowflake certificate to cacerts

If you are using the default keystore file, cacerts, and still getting the no trusted certificates found. The next step is to add the Snowflake certfidicate to the keystore file.

Note: the below example is using Chrome (other browsers will vary on how to obtain the certificate)

  1. Navigate to your Snowflake instance and log in.
  2. Click on the lock icon on the left hand of the URL
  3. Click connection is secure
  4. Click certificate is valid
  5. Click details
  6. Click Export
  7. Save the certificate file to the directory of your choice. 
  8. Run the following command 
    1. keytool -import -trustcacerts -keystore cacerts -storepass  -noprompt -alias snowflake -file

Other methods

If the other methods do not work, Reach out to your networking team and review the connection logs to ensure that the firewall/proxy isn't causing any issues with the connection.

Snowflake has a knowledge base article (JDBC connection fails with "No trusted certificate found") detailing troubleshooting methods.

Related Article(s):

Using Liquibase with Snowflake

Related to

Related articles

Comments

0 comments

Article is closed for comments.