问题
I am receiving the below SSL error from a SonarQube service I'm running on an Azure VM using an Azure SQL Server instance that is defined separately in the Azure Portal (and not within the VM). Is there some configuration I'm missing around the SSL certificate setup? I am able to connect to this database from my local PC.
java.lang.IllegalStateException: Can not connect to database. Please check connectivity and settings (see the properties prefixed by 'sonar.jdbc.').
at org.sonar.db.DefaultDatabase.checkConnection(DefaultDatabase.java:104) ~[sonar-db-5.4.jar:na]
at org.sonar.db.DefaultDatabase.start(DefaultDatabase.java:71) ~[sonar-db-5.4.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_91]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_91]
at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.8.0_91]
at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110) ~[picocontainer-2.15.jar:na]
at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89) ~[picocontainer-2.15.jar:na]
at org.sonar.core.platform.ComponentContainer$1.start(ComponentContainer.java:312) ~[sonar-core-5.4.jar:na]
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84) ~[picocontainer-2.15.jar:na]
at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169) ~[picocontainer-2.15.jar:na]
at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132) ~[picocontainer-2.15.jar:na]
at org.picocontainer.behaviors.Stored.start(Stored.java:110) ~[picocontainer-2.15.jar:na]
at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016) ~[picocontainer-2.15.jar:na]
at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009) ~[picocontainer-2.15.jar:na]
at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767) ~[picocontainer-2.15.jar:na]
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:134) ~[sonar-core-5.4.jar:na]
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:84) ~[sonar-server-5.4.jar:na]
at org.sonar.server.platform.Platform.start(Platform.java:214) ~[sonar-server-5.4.jar:na]
at org.sonar.server.platform.Platform.startLevel1Container(Platform.java:173) ~[sonar-server-5.4.jar:na]
at org.sonar.server.platform.Platform.init(Platform.java:90) ~[sonar-server-5.4.jar:na]
at org.sonar.server.platform.PlatformServletContextListener.contextInitialized(PlatformServletContextListener.java:43) ~[sonar-server-5.4.jar:na]
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812) [tomcat-embed-core-8.0.30.jar:8.0.30]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255) [tomcat-embed-core-8.0.30.jar:8.0.30]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.0.30.jar:8.0.30]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408) [tomcat-embed-core-8.0.30.jar:8.0.30]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398) [tomcat-embed-core-8.0.30.jar:8.0.30]
at java.util.concurrent.FutureTask.run(Unknown Source) [na:1.8.0_91]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_91]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_91]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_91]
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.". ClientConnectionId:7d086664-7bbe-4c9f-aff7-bb459fd5ba20)
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549) ~[commons-dbcp-1.4.jar:1.4]
at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388) ~[commons-dbcp-1.4.jar:1.4]
at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) ~[commons-dbcp-1.4.jar:1.4]
at org.sonar.db.profiling.NullConnectionInterceptor.getConnection(NullConnectionInterceptor.java:31) ~[sonar-db-5.4.jar:na]
at org.sonar.db.profiling.ProfiledDataSource.getConnection(ProfiledDataSource.java:323) ~[sonar-db-5.4.jar:na]
at org.sonar.db.DefaultDatabase.checkConnection(DefaultDatabase.java:102) ~[sonar-db-5.4.jar:na]
... 30 common frames omitted
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.". ClientConnectionId:7d086664-7bbe-4c9f-aff7-bb459fd5ba20
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1668) ~[sqljdbc41.jar:na]
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668) ~[sqljdbc41.jar:na]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1324) ~[sqljdbc41.jar:na]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:992) ~[sqljdbc41.jar:na]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:828) ~[sqljdbc41.jar:na]
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012) ~[sqljdbc41.jar:na]
at org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38) ~[commons-dbcp-1.4.jar:1.4]
at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582) ~[commons-dbcp-1.4.jar:1.4]
at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1556) ~[commons-dbcp-1.4.jar:1.4]
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1545) ~[commons-dbcp-1.4.jar:1.4]
... 35 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.8.0_91]
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618) ~[sqljdbc41.jar:na]
... 43 common frames omitted
Caused by: java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.
at com.microsoft.sqlserver.jdbc.TDSChannel$HostNameOverrideX509TrustManager.validateServerNameInCertificate(IOBuffer.java:1431) ~[sqljdbc41.jar:na]
at com.microsoft.sqlserver.jdbc.TDSChannel$HostNameOverrideX509TrustManager.checkServerTrusted(IOBuffer.java:1324) ~[sqljdbc41.jar:na]
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source) ~[na:1.8.0_91]
... 52 common frames omitted
回答1:
It seems that the issue was caused by the MS SQL Server Jdbc version currently you used that's low.
Please try to download the SQL Server jdbc version from here, that's higher than version 4.0, instead of your current one.
You can refer to the document Connecting with SSL Encryption for configuring the jdbc connection string with SSL encryption.
There was a similar SO thread you can refer to, please see Certificate Exception connecting to Azure SQL with JDBC with default connection string (the one the management console says to use).
来源:https://stackoverflow.com/questions/36854002/azure-vm-fails-to-connect-to-azure-sql-service