The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed:

Question

I'm new to SQL(Microsoft SQL Server Management) and I am trying to connect it with IntelliJ

I am getting the following error: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

public class MyJDBC {

public static void main(String[] args) {


    String  connectionURL = "jdbc:sqlserver://localhost:10020;databaseName=mydatabase;user=me;password=random_password";
    try {
        System.out.print("Connecting to the server......");
        try (Connection connection = DriverManager.getConnection(connectionURL))   {
            System.out.println("Connected to the Server.");
        }
    }catch (Exception e){
        System.out.println("I am not connected to the Server");
        e.printStackTrace();
    }
}
}

I have this on my lib LIB

Any help is appreciated it!

Are you trying to connect IntelliJ IDEA itself (i.imgur.com/udfl01m.png), or connect from your source code? For the first case, see the workarounds from youtrack.jetbrains.com/issue/DBE-13313 — Konstantin Annikov
– Konstantin Annikov, Commented Mar 7, 2022 at 3:16

Priyanka W · Accepted Answer · 2022-03-28 17:03:39Z

48

Add encrypt=true and trustServerCertificate=true to connection url.

String  connectionURL = "jdbc:sqlserver://localhost:10020;databaseName=mydatabase;user=me;password=random_password;encrypt=true;trustServerCertificate=true";

Microsoft Blog Reference - link
Find below excerpt from it -

This is an issue in Java Certificate Store. As a quick workaround, if you enable TrustServerCertificate=True in the connection string, the connection from JDBC succeeds. When TrustServerCertificate is set to true, the transport layer will use SSL to encrypt the channel and bypass walking the certificate chain to validate trust. If TrustServerCertificate is set to true and encryption is turned on, the encryption level specified on the server will be used even if Encrypt is set to false. The connection will fail otherwise. However, for security considerations, it is not recommended to bypass the certificate validation. Hence, to address the issue, follow the steps below to change the connection string and import the required certificates.

Change the connection string to point to the Java certificate path

String connectionUrl = "jdbc:sqlserver://localhost:1433;" + "databaseName=AdventureWorks;integratedSecurity=true;" + "encrypt=true; trustServerCertificate=false;" + "trustStore= C:\Program Files\Java\jdk-14.0.2\lib\cacert;trustStorePassword=changeit";

Import all the certificates mentioned in this document.

Note: To import above certificates into the keystore cacerts, please use below command and please note you must mention truststore and truststore password in the connection string to successfully connect. Steps to import missing certificates in Java Certificate Store

Download all the certs from here, store them in a location on client host and then use keytool utility to import these certificates into the truststore. Please follow the below steps:

Save all the certificates from the above MS doc. Keytool utility is in the bin folder of your default Java location (C:\Program Files\Java\jdk-14.0.2\bin). You need to use command prompt to navigate to that location. Then you can use the keytool command to import the certificate previously saved. When prompted for password insert the key in the password as “changeit”

Example of commands:

keytool -importcert -trustcacerts -alias TLS1 -file "C:\Users\Documents\Microsoft RSA TLS CA 01.crt" -keystore "C:\Program Files\Java\jdk-14.0.2\lib\security\cacerts"

keytool -importcert -trustcacerts -alias TLS2 -file "C:\Users\Documents\Microsoft RSA TLS CA 02.crt" -keystore "C:\Program Files\Java\jdk-14.0.2\lib\security\cacerts"

answered Mar 28, 2022 at 17:03

Priyanka W

1,0201 gold badge15 silver badges30 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

Priyanka W Over a year ago

another ref link - learn.microsoft.com/en-us/sql/connect/jdbc/…

Der U Over a year ago

I had this issue with Apache Hop. This worked for me: jdbc:sqlserver://localhost:1433;databaseName=MyDB;user=MyName;password=MyPwd;encrypt=true;trustServerCertificate=true

Alex78191 Over a year ago

in Java 11 and newer there are addition step stackoverflow.com/a/67300331/4854931

Andreas Fester · Accepted Answer · 2022-12-15 09:03:08Z

1

Below worked for me:

jdbc:sqlserver://Host;trustServerCertificate=true;integratedSecurity=true;authenticationScheme=NTLM

edited Dec 15, 2022 at 9:03

Andreas Fester

36.8k9 gold badges101 silver badges125 bronze badges

answered Oct 14, 2022 at 2:46

MalakaW

193 bronze badges

1 Comment

Community Over a year ago

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.

Jorge Jhovani Valverde León · Accepted Answer · 2024-11-27 00:39:04Z

It worked for me

package com.sistema.venta;

import java.sql.*;

public class conectaBD {

public Connection cnn; 
public Statement stm;
public ResultSet rs;

String servidor = "localhost";
String usuario = "prueba";
String clave = "XXXXXX";
String puerto = "1433";
String base = "BDXXXX";

public void conectar() {

    try {
        Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
        String cadena = "jdbc:sqlserver://" + servidor + ":" + puerto + ";" + "database=" + base + ";user=" + usuario + ";password=" + clave + ";encrypt=true;trustServerCertificate=true";
        cnn = DriverManager.getConnection(cadena);
        stm = cnn.createStatement();

    } catch (Exception e) {
        System.out.println(e.getMessage());

    }
}

}

Fedor · Accepted Answer · 2023-09-02 14:42:46Z

com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".

import java.sql.Connection;

import java.sql.DriverManager;

import java.sql.SQLException;

public class DBContext {

    protected Connection connection;

    public DBContext() {
        try {
            // Edit URL , username, password to authenticate with your MS SQL Server
            String url = "jdbc:sqlserver://localhost:1433;databaseName= Trading2022";
            String username = "sa";
            String password = "221202";
            Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
            connection = DriverManager.getConnection(url, username, password);
        } catch (ClassNotFoundException | SQLException ex) {
            System.out.println(ex);
        }
    }
}

Collectives™ on Stack Overflow

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed:

4 Answers 4

3 Comments

1 Comment

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

3 Comments

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related