Steps to establish a secure connection from the Spotfire Server to the Spotfire Database.


Article ID: KB0070027


Products Versions
Spotfire Server 14.x.x

Description

 

When creating a bootstrap file that connects the Spotfire Server to a SQL Server database, you can encrypt the connection. To bypass encryption, you can set encrypt=false in your JDBC URL. However, you may see the following error:

--------

Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. ClientConnectionId:9XXXXX0-1000-4xxx-a000-xx000xx0000x

at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:4266) ~[mssql-jdbc.jar:?]

at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1965) ~[mssql-jdbc.jar:?]

at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:3792) ~[mssql-jdbc.jar:?]

at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:3348) ~[mssql-jdbc.jar:?]

at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:3179) ~[mssql-jdbc.jar:?]

at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1953) ~[mssql-jdbc.jar:?]

 

--------

This indicates that a secure connection could not be established. If your organization requires an encrypted connection, follow one of the two resolutions below.

Environment

All supported operating systems

Resolution

 

Depending on your organization's requirements, choose one of the following scenarios.

Scenario 1:
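If your organization accepts using the Microsoft-provided certificate, the new cacerts file located in <installation>\jdk\lib\security includes the certificate shipped with the installation. Update the JDBC URL to include the properties encrypt=true;trustservercertificate=true. Note that with trustservercertificate=true the driver encrypts the connection but does not validate the server's certificate, so the server's identity is not verified: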

-----------

jdbc:sqlserver://SQL-DB-Server;DatabaseName=your-SF-DB-Name;encrypt=true;trustservercertificate=true;

-----------

 

Testing the connection should then be successful.

 

Scenario 2:
If your organization prefers not to use the Microsoft-provided certificate and opts for a self-generated CA-signed certificate, follow these steps:

  1. Obtain the Certificate: Contact your DBA to acquire the certificate needed for encryption.
  2. Import the Certificate: Use the following command to import the certificate into the cacerts keystore:

------------

keytool -importcert -file <certificate-location-from-DBA> -keystore <installation>\jdk\lib\security\cacerts -alias <alias-name>

-------------

  3. Update the Bootstrap: Modify the JDBC URL to include encrypt=true;trustservercertificate=false.
  4. Test the Bootstrap Connection.
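
To check which of the two scenarios a bootstrap JDBC URL actually requests before testing it, the following added example (not part of the original article or of Spotfire tooling) parses the URL and classifies its encrypt/trustservercertificate combination. The function names and posture labels are hypothetical, and the defaults (encrypt=true, trustServerCertificate=false) are an assumption matching Microsoft JDBC Driver 10.2 and later.

```python
# Added example (not Spotfire or Microsoft code): classify the TLS posture
# that a SQL Server JDBC URL requests via encrypt / trustServerCertificate.
PREFIX = "jdbc:sqlserver://"
# Assumption: defaults of Microsoft JDBC Driver 10.2 and later.
DEFAULTS = {"encrypt": "true", "trustservercertificate": "false"}


def parse_properties(url):
    """Return connection properties with lower-cased names, defaults applied.

    Limitation: values escaped with {...} that contain ';' are not handled.
    """
    if not url.lower().startswith(PREFIX):
        raise ValueError("URL must start with %s" % PREFIX)
    props = dict(DEFAULTS)
    # The first ';'-separated field is the server (instance/port); skip it.
    for part in url[len(PREFIX):].split(";")[1:]:
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed property: %r" % part)
        props[name.strip().lower()] = value.strip()
    return props


def tls_posture(url):
    """Map the two properties to the posture the driver will request."""
    props = parse_properties(url)
    flags = {}
    for key in DEFAULTS:
        value = props[key].lower()
        if value not in ("true", "false"):
            raise ValueError("%s=%s is outside this example's scope" % (key, value))
        flags[key] = value == "true"
    if not flags["encrypt"]:
        return "encryption-not-requested"  # encrypt=false
    if flags["trustservercertificate"]:
        return "encrypted-unverified"      # Scenario 1: certificate not validated
    return "encrypted-verified"            # Scenario 2: validated against cacerts


if __name__ == "__main__":
    # Constructed sample URLs based on the placeholders used in this article.
    base = "jdbc:sqlserver://SQL-DB-Server;DatabaseName=your-SF-DB-Name;"
    for tail in ("encrypt=false", "encrypt=true;trustservercertificate=true;",
                 "encrypt=true;trustservercertificate=false"):
        print(tail, "->", tls_posture(base + tail))
```

A URL that resolves to "encrypted-verified" will only connect once the certificate from your DBA is present in the cacerts keystore, which is the condition the PKIX error above reports as unmet.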

Issue/Introduction

This article outlines steps to establish a secure connection from the Spotfire Server to the Spotfire Database.

Additional Information

https://learn.microsoft.com/en-us/sql/connect/jdbc/connecting-with-ssl-encryption?view=sql-server-ver16