Unable to complete "Database connection setup"
Hi,
- Dedicated (and fresh) server with TeamCity 2021.2.2 (build 99660) installed
- Dedicated SQL Server 2019 database
I have followed the guidelines (JetBrains article) and wanted to select the database type "MS SQL Server". I have provided the details in the "Database host", "Database name", "Authentication" which is set on SQL Authentication and provided the logon credentials. After clicking the Proceed button and a few moments, it displayed the following error message:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:a3900886-03b9-4380-95a3-ad934edabd17. Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Do you have an suggestion on how to fix this?
Please sign in to leave a comment.
I get the same issue. Fresh teamcity install, sql server installed on a separate server.
The JDBC drivers are loaded successfully (10.2). I've tried with win auth and sql auth, same result.
The issue you are facing is that your SQL servers are behind a self-signed certificate (or a public certificate that requires an intermediate certificate. The client cert must be installed into the JVM before the JVM will trust the server. You can find out more here: https://www.jetbrains.com/help/teamcity/using-https-to-access-teamcity-server.html#Configuring+client+JVM+for+trusting+server+certificate
Thanks Denis, that worked. It took a few goes to find the correct certificates so if it helps anyone else:
The certs needed are the ones used for transport encryption (https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/manage-certificates?view=sql-server-ver15).
I couldn't find the default cert so installed a new, dedicated certificate for it. MS documentation should get you through that step if you've not done it before.
Export that cert (I also exported the parent cert) and import it as per Denis's link above: https://www.jetbrains.com/help/teamcity/using-https-to-access-teamcity-server.html#Configuring+client+JVM+for+trusting+server+certificate. Note: you want to set the -alias when importing the cert otherwise it uses the default "mykey" and gives you a naming clash when you import the second certificate.