Applies to:
- Liquibase Pro
- Liquibase Open Source (Community)
Conditions:
Issue Summary:
When attempting to connect to a newer SQL Server database, an error will occur that the driver cannot establish a secure connection to SQL Server, which will prevent Liquibase from being able to connect to the database.
Error Message:
Unexpected error running Liquibase: Connection could not be created to with driver com.microsoft.sqlserver.jdbc.SQLServerDriver. The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".
Root Cause:
By default, the driver has the attribute encrypt=true, which enforces the connection to use SSL encryption for all data sent between the client and server if the server has a certificate installed.
If the connection is encrypting the data, the following needs to occur:
- JDBC connection needs to be set to trust the server certificate
- The JDBC connection needs to provide the trustStore and the trustStorePassword.
Resolution:
The connection string (URL) needs to have an additional attribute, trustServerCertificate, set to true to ensure that the channel is encrypted.
Both examples shown below do not include the encrypt=true attribute, as this is a default attribute for the connecting string.
Have the JDBC connection trust the server certificate
The connection string (URL) needs to have an additional attribute, trustServerCertificate, set to true.
Example:
url: jdbc:sqlserver://;serverName=localhost;port=1433;databaseName=master;trustServerCertificate=true
Have the JDBC connection provide the trustStore and trustStorePassword
The trustServerCertificate is set to false, and the trustStore and password must be provided.
Example:
url: jdbc:sqlserver://;serverName=localhost;port=1433;databaseName=master;trustServerCertificate=false;trustStore=;trustStorePassword=
More information can be found on Microsoft's Connecting with Encryption page.
Related Article(s):
Using Liquibase with Microsoft SQL Server [docs.liquibase.com]
SqlConnectionStringBuilder.TrustServerCertificate Property [learn.microsoft.com]
Comments
0 comments
Article is closed for comments.