SSL/TLS Certificate Validation Error in Mendix AKS with SQL Server Connection
0
Hi community I´m experiencing a persistent issue when connecting a Mendix application (deployed in AKS) to a Microsoft SQL Server instance using the Mendix Database Connector module.Although I´m explicitly using the following JDBC connection string: jdbc:sqlserver://{serverip}:1433;encrypt=false;trustServerCertificate=true;databaseName={databaseName} …the application still fails to establish the connection. The error message returned is: com.mendix.systemwideinterfaces.MendixRuntimeException: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Certificates do not conform to algorithm constraints". ClientConnectionId:1fb7c20e-1cf8-4180-bae1-cf616777e9ed at com.mendix.basis.actionmanagement.ActionManager.executeSync(ActionManager.scala:125) Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Certificates do not conform to algorithm constraints". ClientConnectionId:1fb7c20e-1cf8-4180-bae1-cf616777e9ed at com.mendix.basis.actionmanagement.ActionManager.executeSync(ActionManager.scala:125) Caused by: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Certificates do not conform to algorithm constraints". ClientConnectionId:1fb7c20e-1cf8-4180-bae1-cf616777e9ed at com.mendix.basis.actionmanagement.ActionManager.executeSync(ActionManager.scala:125) Caused by: Certificates do not conform to algorithm constraints at com.mendix.basis.actionmanagement.ActionManager.executeSync(ActionManager.scala:125) Caused by: Certificates do not conform to algorithm constraints at com.mendix.basis.actionmanagement.ActionManager.executeSync(ActionManager.scala:125) Caused by: Algorithm constraints check failed on signature algorithm: SHA1withRSA at com.mendix.basis.actionmanagement.ActionManager.executeSync(ActionManager.scala:125) Troubleshooting already performed: Verified SQL Server is reachable and accepts connections from inside the AKS cluster. *Confirmed the same connection string works from a local environment. Verified that encrypt=false and trustServerCertificate=true are set correctly. Replaced the Microsoft JDBC driver with version 9.4.1.jre11, which previously worked in similar cases. Cleaned and redeployed the Mendix project. Can anyone help with this?
The suspect here could be SHA1withRSA algorithm, i think the Microsoft SQL server you are trying to connect is in non compliance with this algorithm. Remove this from your certificate or use any latest version available and try to connect.