Hi everyone, I’m having issues trying to connect to my local DB for MSSQL. I am using Ignition 8.1.10 and SQL server management studio v18.10. I have checked everything and followed all the steps online, but I am getting this error and don’t know how to fix it:
Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: “PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”. ClientConnectionId:eaee1d6c-8ab1-4c66-a8fc-ee545b7cafdd)
This looks like a different error than before, though I don’t know why reverting the Java version would fix it.
This error implies the certificate being used by SQL Server isn’t trusted by Ignition, which isn’t uncommon when it’s self-signed or signed by an internal CA. You just need to add that CA certificate to Ignition’s supplemental cert store for import.
I wonder if one version of Java is not using SSL at all and the other is?
Do you know where I can find the CA certificate? Is this something SQL server provides? Where is Ignition’s supplemental cert store? I I’m also running Ignition 8.1 I thought ignition packages its own java in version 8.0+ so why would I need to change the version of Java?
You don’t need to change the version of Java, that advice pertains to people on Ignition 7.9 running JDK 8 and having upgraded it to a version that disables the old/deprecated TLS versions by default.
Yup that fixed it! I had to first put the SQL CA certificate in the Trusted Root Certification Authorities store. Then I put the CA Certificate in the supplemental directory. Restarted SQL server, the ignition gateway, and then rebooted my computer. My MSSQL is now valid and connected. Thank you so much for the help!
@Matt_Risser You need to open SQL server configuration manager and go to SQL server network configuration and right click open properties on your database it will probably be something like “SQLEXPRESS.” Afterwards go to the certificate tab and go to view then the details tab then click copy the file and you should be able to export the .DER file. Once you have that certificate file you put in this directory C:\Program Files\Inductive Automation\Ignition\data\certificates\supplemental… I also put in this directory C:\Program Files\Inductive Automation\Ignition\data\certificates. Then restart your gateway and computer and it should work