1 Reply Latest reply on Mar 12, 2014 10:35 AM by vishu#13

    SSL Encryption for Data Sources

    cmtellez

      SQL 2012 and ColdFusion 10

       

      We have read through the following guides:

      https://wikidocs.adobe.com/wiki/display/coldfusionen/Data+Source+Management+for+ColdFusion

      http://helpx.adobe.com/coldfusion/kb/import-certificates-certificate-stores-coldfusion.html

       

      Upon enabling SSL encryption on the SQL server, we are able to connect to the datasource with this connection string:

      EncryptionMethod=SSL; ValidateServerCertificate=false;

       

      **some of the information below has been anonymized for security purposes**

       

      When enabling server validation, the connection begins timing out. We have imported the SQL certificate into the keystore using this command:

      C:\Program Files\Java\jre7\bin>keytool.exe -importcert -alias cstvnetsql9xxx.xxx.ucf.edu -trustcacerts -file cstvnetsql9xxx.xxx.ucf.edu.cer -keystore cacerts -storepass changeit

       

      Here is the ConnectionString we are using now:

      EncryptionMethod=SSL; ValidateServerCertificate=true;TrustStore="C:\Program Files\Java\jre7\lib\security\cacerts";TrustStorePassword=changeit;HostNameInCertificate=CSTVNETSQL9xxx.xxx.ucf.edu;

       

      Here is the error we receive:

      Connection verification failed for data source: TJEEI
      java.sql.SQLException: Timed out trying to establish connection
      The root cause was that: java.sql.SQLException: Timed out trying to establish connection

       

      Thanks.

        • 1. Re: SSL Encryption for Data Sources
          vishu#13 Level 3

          SQL

          • Create self-signed certificate using IIS.
          • Configure SQL Server to communicate over SSL.
          • Export the certificate which we created in step 1, so that it can be imported into the key store. Do not export the private key; it is not required.

           

          ColdFusion 10

           

          • Create a keystore

          keytool -keystore sqlstore.jks -genkey -alias sqlstore

          • Import the certificate into this keystore:

          keytool -importcert -file sqlserver.cer -keystore sqlstore.jks -storepass changeit -alias sqlserver

          • Use the attributes below in the connection string:

          EncryptionMethod=SSL; trustStore=C:/ColdFusion10/jre/bin/sqlstore.jks; trustStorePassword=changeit; ValidateServerCertificate=true;

           

          NOTE: The subject property of the certificate and key store must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer.

           

          You need to enable SSL encryption and need to set ValidateServerCertificate as false

           

          HTH

           

          Thanks

          VJ

          1 person found this helpful
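
A check for the import step in this thread: it confirms that the exported `.cer` file is the certificate actually present, under the expected alias, in the keystore that `trustStore` names, by comparing fingerprints with `keytool -list` output. This is an added example, not part of the thread; the `keytool -list` line layout it parses, the function names and all sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

def cert_der(data: bytes) -> bytes:
    """A .cer export is either binary DER or Base64 (PEM); return the DER bytes."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def fingerprint(data: bytes, algo: str = "sha1") -> str:
    """Colon-separated upper-case hex digest of the DER bytes, as keytool prints it."""
    h = hashlib.new(algo, cert_der(data)).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def keystore_entries(listing: str) -> dict:
    """Parse `keytool -list` text into {alias: (hash name, fingerprint)}."""
    entries, alias = {}, None
    for line in listing.splitlines():
        # Assumed entry line layout: "<alias>, <date>, trustedCertEntry,"
        m = re.match(r"(.+?), .*(?:trustedCertEntry|PrivateKeyEntry)", line)
        if m:
            alias = m.group(1).lower()  # JKS aliases are case-insensitive
            continue
        # Accepts both "(SHA1)" and "(SHA-256)" fingerprint labels
        m = re.search(r"fingerprint \((SHA-?\d+)\): ([0-9A-F:]+)", line)
        if m and alias:
            entries[alias] = (m.group(1).replace("-", "").lower(), m.group(2))
            alias = None
    return entries

def imported_cert_matches(cer: bytes, listing: str, alias: str) -> bool:
    """True only if the listing has the alias and its fingerprint equals the file's."""
    entry = keystore_entries(listing).get(alias.lower())
    return entry is not None and fingerprint(cer, entry[0]) == entry[1]

# Constructed sample data: stand-in bytes, not a real certificate.
SAMPLE_DER = b"constructed stand-in for the exported sqlserver.cer"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
# Constructed listings: the store the import went into, and a different store.
STORE_WITH_CERT = ("Your keystore contains 1 entry\n\n"
                   "sqlserver, Mar 12, 2014, trustedCertEntry,\n"
                   f"Certificate fingerprint (SHA1): {fingerprint(SAMPLE_DER)}\n")
STORE_WITHOUT = ("Your keystore contains 1 entry\n\n"
                 "otherca, Mar 12, 2014, trustedCertEntry,\n"
                 "Certificate fingerprint (SHA1): " + ":".join(["00"] * 20) + "\n")

if __name__ == "__main__":
    print(imported_cert_matches(SAMPLE_PEM, STORE_WITH_CERT, "sqlserver"))
    print(imported_cert_matches(SAMPLE_PEM, STORE_WITHOUT, "sqlserver"))
```

Run `keytool -list -keystore <path> -storepass <password>` against the exact path given in `trustStore` and pass its text as `listing`; a relative `-keystore` argument is resolved against the directory keytool is run from, so the file that received the import can differ from the one the connection string names.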