Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
Database test connection error. The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption.
Products
Fortify Software Security Center
Environment
Fortify Software Security Center (SSC) 23.1
Microsoft SQL Server (MSSQL) database
Situation
After upgrading SSC to version 23.1, unable to connect to MSSQL database. The ssc.log shows the following errors:
....../ssc/init/datasource-test [ERROR] com.fortify.ssc.init.endpoints.AppInitDatabaseOperationsController - Database test connection error: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:......) ...... Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".
Cause
Fortify Software Security Center ships with a MSSQL JDBC driver version that requires an encrypted connection and a trusted server certificate by default.
Resolution
If the connection fails as a result of certificate verification, Fortify recommends that the trust store be provided. If providing a trust store is not an option, trust verification can be disabled. One way to do this is to add the "encrypt=false" parameter in the connection string. If the certificate is trusted, but the certificate DNS name does not match the database server hostname, use the hostNameInCertificate connection property to provide the correct hostname.
Additional Information
Documentation reference: https://www.microfocus.com/documentation/fortify-software-security-center/2310/SSC_Help_23.1.0/index.htm#SSC_UG/First_Config.htm
URL Name
KM000018449