Cannot connect to SQL server when SSL is enabled in JBoss EAP

Solution Verified - Updated -

Issue

  • My sqlserver is using a self-sign cert "app.cer". Then I copy the cert to jboss server.

  • 1 ) I created a truststore using below command:

keytool -import -v -trustcacerts -alias myhost -file app.cer -keystore mykeystore.jks

And then I specify the truststore in standalone.xml file:

 <system-properties>
        ...
        <property name="javax.net.ssl.trustStore" value="/data/app_certificate/mykeystore.jks"/>
        <property name="javax.net.ssl.trustStorePassword=xxxxxxxx"/>
    </system-properties>

But when I startup I got the error:

05:49:38,885 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (ServerService Thread Pool -- 57) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: Could not create connection
        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.getXAManagedConnection(XAManagedConnectionFactory.java:525)
        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory$1.run(XAManagedConnectionFactory.java:416)
        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory$1.run(XAManagedConnectionFactory.java:413)
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_71]
        at javax.security.auth.Subject.doAs(Subject.java:415) [rt.jar:1.7.0_71]
        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.createManagedConnection(XAManagedConnectionFactory.java:412)
        at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:834) [ironjacamar-core-impl-1.0.28.Final-redhat-1.jar:1.0.28.Final-redhat-1]
        at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:379) [ironjacamar-core-impl-1.0.28.Final-redhat-1.jar:1.0.28.Final-redhat-1]
        at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:406) [ironjacamar-core-impl-1.0.28.Final-redhat-1.jar:1.0.28.Final-redhat-1]
        at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:378) [ironjacamar-core-impl-1.0.28.Final-redhat-1.jar:1.0.28.Final-redhat-1]
        at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:354) [ironjacamar-core-impl-1.0.28.Final-redhat-1.jar:1.0.28.Final-redhat-1]
        at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:368) [ironjacamar-core-impl-1.0.28.Final-redhat-1.jar:1.0.28.Final-redhat-1]
        at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:491) [ironjacamar-core-impl-1.0.28.Final-redhat-1.jar:1.0.28.Final-redhat-1]
        at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:143)
        ...
        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_71]
        at org.jboss.threads.JBossThread.run(JBossThread.java:122)
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1654) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.TDSChannel.read(IOBuffer.java:1789) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.TDSReader.readPacket(IOBuffer.java:4838) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.TDSCommand.startResponse(IOBuffer.java:6154) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.TDSCommand.startResponse(IOBuffer.java:6106) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.SQLServerConnection$1ConnectionCommand.doExecute(SQLServerConnection.java:1756) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:5696) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:1715) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectionCommand(SQLServerConnection.java:1761) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.SQLServerConnection.setTransactionIsolation(SQLServerConnection.java:2095) [sqljdbc4.jar:]
        at com.microsoft.sqlserver.jdbc.SQLServerConnectionPoolProxy.setTransactionIsolation(SQLServerConnectionPoolProxy.java:171) [sqljdbc4.jar:]
        at org.jboss.jca.adapters.jdbc.BaseWrapperManagedConnection.<init>(BaseWrapperManagedConnection.java:200)
        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnection.<init>(XAManagedConnection.java:68)
        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.newXAManagedConnection(XAManagedConnectionFactory.java:539)
        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.getXAManagedConnection(XAManagedConnectionFactory.java:512)
        ... 46 more
  • 2 ) I also tried to set the keystore setting in jdbc url. but still same error.
 <xa-datasource-property name="URL">jdbc:sqlserver://system.my.org\\mydb:1443;databaseName=MyDatabase;encrypt=true;trustServerCertification=true;trustStore=/data/app_certificate/mykeystore.jks;trustStorePassword=xxxxxxxx</xa-datasource-property>

Environment

  • OpenJDK 1.6.0
  • OpenJDK 1.7.0
  • Oracle JDK 1.6.0
  • Oracle JDK 1.7.0
  • MSSQL JDBC driver
  • JBoss Enterprise Application Platform

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content