Having issue in configuring TLS 1.2 on SQL server 2016 using JDBC driver 6.0

    Question

  • Hi,

       I am having an issue configuring TLS 1.2 on SQL Server 2016 with WebSphere.

    Error:

     0000006a SchedulerImpl E   CWSCH0124E: Unable to initialize wps/Scheduler due to error: com.ibm.ws.extensionhelper.exception.UnableToInitializeException: com.ibm.websphere.ce.cm.StaleConnectionException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints". ClientConnectionId:35624353-655f-4d68-a003-8d57f60e62b0 CWWRA0010E: SQL State = 08S01, Error Code = 0
    at com.ibm.ws.extensionhelper.db.impl.DatabaseHelperImpl.connect(DatabaseHelperImpl.java:698)
    at com.ibm.ws.extensionhelper.db.impl.DatabaseHelperImpl.initialize(DatabaseHelperImpl.java:502)
    at com.ibm.ws.extensionhelper.db.impl.DatabaseHelperImpl.<init>(DatabaseHelperImpl.java:262)
    at com.ibm.ws.extensionhelper.impl.ExtensionHelperServiceImpl.getDatabaseHelper(ExtensionHelperServiceImpl.java:116)
    at com.ibm.ws.scheduler.DBHelperImpl.<init>(DBHelperImpl.java:108)
    at com.ibm.ws.scheduler.SchedulerImpl.initialize(SchedulerImpl.java:455)
    at com.ibm.ws.scheduler.SchedulerImpl.access$000(SchedulerImpl.java:186)
    at com.ibm.ws.scheduler.SchedulerImpl$8.run(SchedulerImpl.java:2355)
    at java.security.AccessController.doPrivileged(AccessController.java:694)
    at com.ibm.ws.scheduler.SchedulerImpl.findByName(SchedulerImpl.java:2333)
    at com.ibm.ws.scheduler.SchedulerImpl.findByName(SchedulerImpl.java:2317)
    at com.ibm.ws.scheduler.SchedulerImpl.findTasksByName(SchedulerImpl.java:2280)
    at com.ibm.wps.datastore.ejb.cleanup.SchedulerManagerBean.getTasksByName(SchedulerManagerBean.java:502)
    at com.ibm.wps.datastore.ejb.cleanup.SchedulerManagerBean.getUniqueTask(SchedulerManagerBean.java:271)
    at com.ibm.wps.datastore.ejb.cleanup.EJSRemoteStatelessSchedulerManager_03598d10.getUniqueTask(Unknown Source)
    at com.ibm.wps.datastore.ejb.cleanup._SchedulerManager_Stub.getUniqueTask(_SchedulerManager_Stub.java:320)
    at com.ibm.wps.command.scheduler.GetSchedulerTaskCommand.internalExecute(GetSchedulerTaskCommand.java:103)
    at com.ibm.wps.command.scheduler.AbstractSchedulerTaskCommand$1.run(AbstractSchedulerTaskCommand.java:244)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5556)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5682)
    at com.ibm.wps.command.scheduler.AbstractSchedulerTaskCommand.execute(AbstractSchedulerTaskCommand.java:251)
    at com.ibm.wps.services.datastore.DataStoreServiceImpl.init(DataStoreServiceImpl.java:191)
    at com.ibm.wps.services.Service.init(Service.java:101)
    at com.ibm.wps.services.Service.init(Service.java:78)
    at com.ibm.wps.services.ServiceManager.createService(ServiceManager.java:366)
    at com.ibm.wps.services.ServiceManager.initInternal(ServiceManager.java:261)
    at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:173)
    at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:115)
    at com.ibm.wps.engine.Servlet.init(Servlet.java:986)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:342)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:168)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1376)
    at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:668)
    at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:634)
    at com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize(WebAppImpl.java:453)
    at com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication(WebGroupImpl.java:88)
    at com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication(VirtualHostImpl.java:171)
    at com.ibm.ws.webcontainer.WSWebContainer.addWebApp(WSWebContainer.java:904)
    at com.ibm.ws.webcontainer.WSWebContainer.addWebApplication(WSWebContainer.java:789)
    at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:427)
    at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:719)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1247)
    at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1514)
    at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:704)
    at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:1096)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:799)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl$5.run(ApplicationMgrImpl.java:2315)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5556)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5682)
    at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)
    at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:2320)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:436)
    at com.ibm.ws.runtime.component.CompositionUnitImpl.start(CompositionUnitImpl.java:123)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:379)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.access$500(CompositionUnitMgrImpl.java:127)
    at com.ibm.ws.runtime.component.CompositionUnitMgrImpl$CUInitializer.run(CompositionUnitMgrImpl.java:985)
    at com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run(WsComponentImpl.java:524)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909)
    Caused by: com.ibm.websphere.ce.cm.StaleConnectionException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints". ClientConnectionId:35624353-655f-4d68-a003-8d57f60e62b0 CWWRA0010E: SQL State = 08S01, Error Code = 0
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:437)
    at com.ibm.websphere.rsadapter.GenericDataStoreHelper.mapExceptionHelper(GenericDataStoreHelper.java:628)
    at com.ibm.websphere.rsadapter.GenericDataStoreHelper.mapException(GenericDataStoreHelper.java:687)
    at com.ibm.ws.rsadapter.AdapterUtil.mapException(AdapterUtil.java:2273)
    at com.ibm.ws.rsadapter.spi.WSRdbDataSource.getPooledConnection(WSRdbDataSource.java:2158)
    at com.ibm.ws.rsadapter.spi.WSManagedConnectionFactoryImpl.getConnection(WSManagedConnectionFactoryImpl.java:1801)
    at com.ibm.ws.rsadapter.spi.WSManagedConnectionFactoryImpl.createManagedConnection(WSManagedConnectionFactoryImpl.java:1571)
    at com.ibm.ws.rsadapter.spi.WSManagedConnectionFactoryImpl.createManagedConnection(WSManagedConnectionFactoryImpl.java:1127)
    at com.ibm.ejs.j2c.FreePool.createManagedConnectionWithMCWrapper(FreePool.java:2168)
    at com.ibm.ejs.j2c.FreePool.createOrWaitForConnection(FreePool.java:1838)
    at com.ibm.ejs.j2c.PoolManager.reserve(PoolManager.java:3835)

    • The project is deployed on WebSphere 9.0 application server where only TLSv1.2 is enabled.

    We are facing an issue with JDBC 6.0 ...

    Caused by: com.ibm.websphere.ce.cm.StaleConnectionException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints". ClientConnectionId:35624353-655f-4d68-a003-8d57f60e62b0 CWWRA0010E: SQL State = 08S01, Error Code = 0

    JDBC Driver : https://www.microsoft.com/en-us/download/details.aspx?id=11774

    All the requirements are present according to IBM : https://www.ibm.com/support/knowledgecenter/en/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/tsec_config_strictsp300.html

    But I am still not able to get a connection to SQL Server. If I revert the TLS 1.2 change it works; it breaks only when I enable TLS 1.2.

    Thanks

    Vikram


    • Edited by 3vikram Thursday, May 31, 2018 9:32 PM
    Thursday, May 31, 2018 9:28 PM

All replies

  • Hi Vikram,

    Based on your error log, it seems the error is more related to WebSphere, so I would suggest you post your issue to the WebSphere Forum for more professional help.

    Forum path: https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000266

    Thanks,
    Xi Jin.



    Friday, June 01, 2018 7:54 AM
  • Hi Xi Jin,

    I don't think it's a WebSphere issue. We were successfully able to test TLS 1.2 on SQL Server 2016; it only fails when we point it to SQL Server 2014. To avoid all the odds we have built two new servers, one with SQL Server 2016 and one with SQL Server 2014, and see that we only have the issue with SQL Server 2014.

    Also, we have worked with IBM on this and confirmed that this issue is with the SQL Server response. Please find the attached screenshots.

    [Attached screenshots: Nmap result; IBM result; SQL 2016]

    Wednesday, June 06, 2018 10:53 PM
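
The error quoted in this thread, "Certificates does not conform to algorithm constraints", is raised by the Java runtime when a certificate presented by the server uses an algorithm or key size that the JVM's disabled-algorithm security properties rule out. The following diagnostic is an added example, not code from the thread or from IBM or Microsoft: it prints a certificate's signature algorithm and key size next to those properties and lists the entries that name an algorithm the certificate uses. The class name and the certificate file path (the SQL Server certificate exported to PEM or DER) are assumptions, and the matching is a heuristic, not the JVM's own evaluation.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;

// Added diagnostic example; run it with the same JVM the application server uses.
public class CertConstraintCheck {
    // Normalise names so that "SHA-1" and "SHA1" compare equal.
    static String norm(String s) {
        return s.replace("-", "").toUpperCase(Locale.ROOT);
    }

    public static void main(String[] args) throws Exception {
        // args[0]: server certificate exported to a file (PEM or DER); the path is an assumption.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        PublicKey key = cert.getPublicKey();
        int bits = key instanceof RSAKey ? ((RSAKey) key).getModulus().bitLength() : -1;
        System.out.println("Subject:   " + cert.getSubjectX500Principal());
        System.out.println("Signature: " + cert.getSigAlgName());
        System.out.println("Key:       " + key.getAlgorithm() + (bits > 0 ? " " + bits + " bits" : ""));

        // Components a constraint entry can name: digest, signature scheme, key algorithm.
        Set<String> parts = new LinkedHashSet<>();
        for (String p : cert.getSigAlgName().split("(?i)with|and")) parts.add(norm(p));
        parts.add(norm(key.getAlgorithm()));

        for (String prop : new String[] {"jdk.certpath.disabledAlgorithms", "jdk.tls.disabledAlgorithms"}) {
            String value = Security.getProperty(prop);
            System.out.println(prop + " = " + value);
            if (value == null) continue;
            for (String entry : value.split(",")) {
                String[] tok = entry.trim().split("\\s+");
                // Heuristic: list each entry naming an algorithm this certificate uses; conditions
                // such as "keySize < 1024" or "jdkCA" are left for the reader to evaluate.
                if (!tok[0].isEmpty() && parts.contains(norm(tok[0]))) {
                    System.out.println("  review: " + entry.trim());
                }
            }
        }
    }
}
```

Running it against the certificates of both database servers shows whether they differ in signature algorithm or key size, which is the comparison the last post describes making between SQL Server 2014 and 2016.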