Install fails with the Microsoft JDBC v10.2 driver


In v10.2 of the Microsoft JDBC driver for Microsoft SQL Server, TLS encryption is enabled by default.

This means that the JDBC driver will attempt to use TLS when connecting to the SQL Server and if TLS is enabled on the server with a self-signed certificate then the IG installation will fail because the certificate can't be verified by the installer.

The workaround is to use an older version of the JDBC driver, e.g. v9.4 so the install completes.

Afterwards you can switch to a newer driver (after trusting the server certificate) or you may also change the JDBC URL if you want to disable TLS encryption with a newer driver.


Support Tip
Comment List
  • Hi Steven, 

    did you get past this issue for the JDBC collectors? we are facing the same with IG 3.7.3 for the JDBC collectors for both SQL and Oracle. any idea how to configure the collectors to trust the certificates? 

  • Hi Steven

    This is true for the installer, but if you want to connect to a MS SQL servers via the JDBC fulfillment connector, it still gives the certification error:
    Unable to connect to your server: DaaS connector returned error (486): Target connection failure: SQLException Error The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: unable to find valid certification path to requested target".

    At the moment struggling to get past this issue.

  • Hello,

       This is no longer the case with Identity Governance 3.7.3 that was released on 02-Dec-20222.  The JDBC URLs have been updated to include encrypt=false by default (including the connection during the installation). 

    Steven Williams
    Principal Enterprise Architect
    Micro Focus