Error: JDBC_00 - Cannot connect to specified database: java.sql.SQLException: Connection error: Check the host name and port number are correct, and that client and server belong to the same Denodo major version. Cannot trust the server to establish a SSL connection
when connecting pipeline to Denodo using JDBC.
Analysis: This is the issue with SSL certificate configuration. This might occur to due SSL misconfiguration or SDC not enabling SSL connection.
Solution: You can first try to turn on SSL at the pipeline level by adding "?ssl=true" in the end of your connection string.
For example, it could look like this:
jdbc:vdb://<host>:<port>/database_name?ssl=true
If the error still persists, please double check your SSL configuration to see if the certificate you imported to the truststore is valid, of if you have correctly pointed SDC to the right truststore.
Below is the process you can use to extract Denodo cert and import to truststore:
- Use the following command to extract the certificate:
openssl s_client -connect <denodo host:port> </dev/null 2>&1 | sed -n '/BEGIN CERT/,/END CERT/p' > denodo.pem
2. Import the SSL/TLS certificate using default truststore:
- The default location for the Java truststore in most Linux environments is
${JAVA_HOME}/jre/lib/security/cacerts
. Please locate your default truststore location, then use the following command to add Denodo certificate:
sudo keytool -importcert -file <path/to/denodo.pem> -keystore ${JAVA_HOME}/jre/lib/security/cacerts -alias <denodo>
3. Import the SSL/TLS certificate using custom truststore:
- If you want to use a custom truststore instead, please use the following command to create a custom truststore:
keytool -import -noprompt -file <path/to/denodo.pem> -trustcacerts -alias <denodo> -storepass <changeit> -keystore <truststore.jks>
- Update SDC_JAVA_OPTS in $SDC_DIST/libexec/sdc-env.sh or sdcd-env.sh to include
-Djavax.net.ssl.trustStore=<path_to_truststore.jks> -Djavax.net.ssl.trustStorePassword=<changeit>
. - For example:
export SDC_JAVA_OPTS="-Xmx2048m -Xms2048m -server -XX:-OmitStackTraceInFastThrow ${SDC_JAVA_OPTS} -Doverrun.reader.read.limit=2097152 -DDataFactoryBuilder.OverRunLimit=2097152 -Djavax.net.ssl.trustStore=<path_to_truststore.jks> -Djavax.net.ssl.trustStorePassword=<changeit>"