none
Having issue in configuring TLS 1.2 on SQL server 2016 using JDBC driver 6.0 RRS feed

  • Question

  • HI,

       I am having issue in configuring TLS 1.2 on SQL server 2016 with WebSphere. The project is deployed on WebSphere 9.0 application server where only TLSv1.2 is enabled.

    error : 

     0000006a SchedulerImpl E   CWSCH0124E: Unable to initialize wps/Scheduler due to error: com.ibm.ws.extensionhelper.exception.UnableToInitializeException: com.ibm.websphere.ce.cm.StaleConnectionException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints". ClientConnectionId:35624353-655f-4d68-a003-8d57f60e62b0 CWWRA0010E: SQL State = 08S01, Error Code = 0
    at com.ibm.ws.extensionhelper.db.impl.DatabaseHelperImpl.connect(DatabaseHelperImpl.java:698)
    at com.ibm.ws.extensionhelper.db.impl.DatabaseHelperImpl.initialize(DatabaseHelperImpl.java:502)
    at com.ibm.ws.extensionhelper.db.impl.DatabaseHelperImpl.<init>(DatabaseHelperImpl.java:262)
    at com.ibm.ws.extensionhelper.impl.ExtensionHelperServiceImpl.getDatabaseHelper(ExtensionHelperServiceImpl.java:116)
    at com.ibm.ws.scheduler.DBHelperImpl.<init>(DBHelperImpl.java:108)
    at com.ibm.ws.scheduler.SchedulerImpl.initialize(SchedulerImpl.java:455)
    at com.ibm.ws.scheduler.SchedulerImpl.access$000(SchedulerImpl.java:186)
    at com.ibm.ws.scheduler.SchedulerImpl$8.run(SchedulerImpl.java:2355)
    at java.security.AccessController.doPrivileged(AccessController.java:694)
    at com.ibm.ws.scheduler.SchedulerImpl.findByName(SchedulerImpl.java:2333)
    at com.ibm.ws.scheduler.SchedulerImpl.findByName(SchedulerImpl.java:2317)
    at com.ibm.ws.scheduler.SchedulerImpl.findTasksByName(SchedulerImpl.java:2280)
    at com.ibm.wps.datastore.ejb.cleanup.SchedulerManagerBean.getTasksByName(SchedulerManagerBean.java:502)
    at com.ibm.wps.datastore.ejb.cleanup.SchedulerManagerBean.getUniqueTask(SchedulerManagerBean.java:271)
    at com.ibm.wps.datastore.ejb.cleanup.EJSRemoteStatelessSchedulerManager_03598d10.getUniqueTask(Unknown Source)
    at com.ibm.wps.datastore.ejb.cleanup._SchedulerManager_Stub.getUniqueTask(_SchedulerManager_Stub.java:320)
    at com.ibm.wps.command.scheduler.GetSchedulerTaskCommand.internalExecute(GetSchedulerTaskCommand.java:103)
    at com.ibm.wps.command.scheduler.AbstractSchedulerTaskCommand$1.run(AbstractSchedulerTaskCommand.java:244)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5556)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5682)
    at com.ibm.wps.command.scheduler.AbstractSchedulerTaskCommand.execute(AbstractSchedulerTaskCommand.java:251)
    at com.ibm.wps.services.datastore.DataStoreServiceImpl.init(DataStoreServiceImpl.java:191)
    at com.ibm.wps.services.Service.init(Service.java:101)
    at com.ibm.wps.services.Service.init(Service.java:78)
    at com.ibm.wps.services.ServiceManager.createService(ServiceManager.java:366)
    at com.ibm.wps.services.ServiceManager.initInternal(ServiceManager.java:261)
    at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:173)
    at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:115)
    at com.ibm.wps.engine.Servlet.init(Servlet.java:986)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:342)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:168)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1376)
    at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:668)
    at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:634)
    at com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize(WebAppImpl.java:453)
    at com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication(WebGroupImpl.java:88)
    at com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication(VirtualHostImpl.java:171)
    at com.ibm.ws.webcontainer.WSWebContainer.addWebApp(WSWebContainer.java:904)
    at com.ibm.ws.webcontainer.WSWebContainer.addWebApplication(WSWebContainer.java:789)
    at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:427)
    at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:719)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1247)
    at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1514)
    at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:704)
    at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:1096)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:799)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl$5.run(ApplicationMgrImpl.java:2315)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5556)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5682)
    at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:2320)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:436)
    at com.ibm.ws.runtime.component.CompositionUnitImpl.start(CompositionUnitImpl.java:123)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:379)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.access$500(CompositionUnitMgrImpl.java:127)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl$CUInitializer.run(CompositionUnitMgrImpl.java:985)
    at com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run(WsComponentImpl.java:524)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909)
    Caused by: com.ibm.websphere.ce.cm.StaleConnectionException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints". ClientConnectionId:35624353-655f-4d68-a003-8d57f60e62b0 CWWRA0010E: SQL State = 08S01, Error Code = 0
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:437)
    at com.ibm.websphere.rsadapter.GenericDataStoreHelper.mapExceptionHelper(GenericDataStoreHelper.java:628)
    at com.ibm.websphere.rsadapter.GenericDataStoreHelper.mapException(GenericDataStoreHelper.java:687)
    at com.ibm.ws.rsadapter.AdapterUtil.mapException(AdapterUtil.java:2273)
    at com.ibm.ws.rsadapter.spi.WSRdbDataSource.getPooledConnection(WSRdbDataSource.java:2158)
    at com.ibm.ws.rsadapter.spi.WSManagedConnectionFactoryImpl.getConnection(WSManagedConnectionFactoryImpl.java:1801)
    at com.ibm.ws.rsadapter.spi.WSManagedConnectionFactoryImpl.createManagedConnection(WSManagedConnectionFactoryImpl.java:1571)
    at com.ibm.ws.rsadapter.spi.WSManagedConnectionFactoryImpl.createManagedConnection(WSManagedConnectionFactoryImpl.java:1127)
    at com.ibm.ejs.j2c.FreePool.createManagedConnectionWithMCWrapper(FreePool.java:2168)
    at com.ibm.ejs.j2c.FreePool.createOrWaitForConnection(FreePool.java:1838)
    at com.ibm.ejs.j2c.PoolManager.reserve(PoolManager.java:3835)





    JDBC Driver : https://www.microsoft.com/en-us/download/details.aspx?id=11774

    All the requirements are present according to IBM : https://www.ibm.com/support/knowledgecenter/en/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/tsec_config_strictsp300.html



    But still i am not able to get the connection with SQL server if i revert back the tls 1.2 changes it works fine breaks only when i enabled tls 1.2.



    Thanks

    Vikram
    Thursday, May 31, 2018 9:37 PM

Answers