SQL Server Enable SSL in ColdFusion 2018 Administrator

p4tfgftt  于 2023-06-28  发布在  其他
关注(0)|答案(2)|浏览(163)

I want to add a database (Microsoft SQL) to the website I'm working on, using Cold Fusion Administrator (latest version).

After entering all needed data, I got the issue:

Connection verification failed for data source: dbKantine
java.sql.SQLException: The sqlserver package is not installed. You can install the package through the CLI package manager (C:/Users/MYNAME/.CommandBox/server/C1EA019F5A81794693D0EA837C1622B4-PROJECTNAME/adobe-2021.0.2.328618/WEB-INF/cfusion/bin/cfpm.bat) by running the command : install sqlserver.

I tried to execute the *.bat file mentioned, but nothing happened.

I also tried install sqlserver in the CommandBox, but it says:

Error getting ForgeBox entry [sqlserver]

The entry slug sent is invalid or does not exist

EDIT:

I got it installed using cfpm.sh and wrote there "install sqlserver".

But now it tells me this inside of Cold Fusion Administrator:

Connection verification failed for data source: MYDB
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]An SSL socket connection could not be established because JRE 1.4 or above is required.

EDIT 2:

I setup everything again with ColdFusion 2018 (as I'm learning CF 2018 currently).

Now I get the issue:
Connection verification failed for data source: MYDB java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The SQL Server login requires an SSL connection. The root cause was that: java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The SQL Server login requires an SSL connection.

What I tried:

I created a *.keystore file and a *.cer file. I followed this (https://usermanual.wiki/adobe/CF11Configen.762142204/html#pf2f) instruction and tried to add the keystore file to the CF Administrator:

5cnsuln7

5cnsuln71#

According to Data Source Management for ColdFusion > Enabling SSL Connection what you need is a truststore . The JVM used by ColdFusion already has a default truststore configured, typically jre\lib\security\cacerts , so no need to create one. Though depending on the server certificate, it may need to be imported into the truststore. The "Enable RMI Over SSL For Data Management" setting isn't relevant. It's for Flex Integration, not datasources.
Do the following to enable SSL connection:

  1. In the ColdFusion Administrator, go to Data & Services > Data Sources.
  2. Select the data source to enable SSL Connection.
  3. In the data source page, click Show Advanced Settings.
  4. In the Connection String text box, specify the connection properties as per the SSL requirements.

The relevant SQL Server SSL connection settings are:

  • EncryptionMethod - Values are noEncryption and SSL
  • TrustStore - The (full path) of the truststore file
  • TrustStorePassword - The password to access the truststore file
  • ValidateServerCertificate - Determines whether the driver validates the certificate sent by the database, true or false . server
  • HostNameInCertificate - Host name for certificate validation. (Either a literal string "host_name" or #SERVERNAME# )

Sample connection string to enable SSL and validate the server certificate:

EncryptionMethod=SSL;ValidateServerCertificate=true;HostNameInCertificate=YourServerName;TrustStore=C:\commandbox\openjdk11\jre\lib\security\cacerts;TrustStorePassword=ThePassword

Sample connection string to enable SSL without validating the server certificate:

EncryptionMethod=SSL;ValidateServerCertificate=false;TrustStore=C:\commandbox\openjdk11\jre\lib\security\cacerts;TrustStorePassword=ThePassword
vhmi4jdf

vhmi4jdf2#

If you are using a valid CA Certificate I found that you can add "EncryptionMethod=SSL;ValidateServerCertificate=true;" to the connection String under advanced settings and make sure that your server name matches what is on the certificate and it will connect securely. You would not need to add your trust store. If you change the Servername to the IP Address it will fail because the IP Address does not match the CN on the certificate. Adding "TrustServerCertificate=True" will overide that verification step and force SSL using the certificate even if the servername and the CN name do not match.

相关问题