Question

Mendix 10.24 Windows Service – SQL Server SSL error (PKIX path building failed) during startup

0

Hi everyone, I am facing an issue while starting a Mendix 10.24 application deployed as a Windows Service. The runtime fails during startup with the following error: Opening JDBC connection to 192.168.1.33/MA_OLTP failed with SQLState: 08S01 Error code: 0 Message: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. ClientConnectionId: f36cf4bb-2b04-408d-b0c0-8e2c08171084 After retrying multiple times, the service gives up and stops: giving up...(4/4) Environment Mendix version: 10.24 Deployment type: Windows Service Database: SQL Server Java version: JDK 21 (Eclipse Adoptium) Has anyone encountered this issue with Mendix 10.24 and SQL Server connectivity?Any guidance on how to resolve this SSL/certificate-related error would be appreciated. Thanks in advance.

asked 2025-12-17

Arun Palani

1 answers

Mohammad Abdul Ghafour · Answer 1 · 2025-12-18

Hi Arun,

This error occurs because Mendix (running on Java) is trying to establish an encrypted connection, but the SQL Server certificate is not trusted by the JVM.

For an on-premises deployment, you have the following options:

1- Provide the SQL Server (Root CA or self-signed) certificate to the Mendix Runtime.

Export the public certificate from SQL Server ( .crt or .pem).
Open Mendix Service Console > Configuration > Advanced.
Add a custom runtime setting:
- Name: CACertificates
- Value: Full local path to the certificate file (e.g., C:\Certs\sqlserver.crt).
Restart the Mendix service.

2- If you are using a self-signed certificate and do not need full validation (for Dev or Test Environments), you can tell the driver to trust it regardless of its origin.

Open the Mendix Service Console.
Go to Project > Configuration > Advanced.
Add or modify the DatabaseJdbcUrl custom setting:
- Value: jdbc:sqlserver://192.168.1.33;databaseName=MA_OLTP;encrypt=true;trustServerCertificate=true;

3- If your network is secure and encryption is not required, you can disable it entirely:

Add the custom setting DatabaseUseSsl with the value false.
Update your connection string DatabaseJdbcUrl to include encrypt=false;.

You can find all available custom settings in the Mendix documentation:

https://docs.mendix.com/refguide/custom-settings/

Hope this helps resolve the issue.