search

flyway / flyway

Flyway by Redgate • Database Migrations Made Easy.
https://flywaydb.org
Apache License 2.0
8.11k stars 1.5k forks source link

Flyway giving PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target error #3740

Open guystanden opened 1 year ago

guystanden commented 1 year ago
Which version and edition of Flyway are you using?

Community Edition 9.21.2

If this is not the latest version, can you reproduce the issue with the latest one as well? (Many bugs are fixed in newer releases and upgrading will often resolve the issue)
Which client are you using? (Command-line, Java API, Maven plugin, Gradle plugin)

Command line

Which database are you using? (Type & version)

MSSQL Server 2017

Which operating system are you using?

Windows 10 Enterprise

What did you do? (Please include the content causing the issue, any relevant configuration settings, the SQL statement(s) that failed (if any), and the command you ran)

Tried to run migration using flyway url

flyway.url=jdbc:sqlserver://localhost:1433;instance=MSSQLSERVER;databaseName=;integratedSecurity=true;

Have also tried adding other arguments such as

encrypt=true;trustServerCertificate=true; encrypt=true;trustServerCertificate=false;trustStore="C:/Program Files/Java/jre-1.8/lib/security/cacerts";trustStorePassword="changeit";overrideDefaultTLS=true JAVA_ARGS="-Djdk.tls.client.protocols=TLSv1";

and many other variations

I have also tried adding the local self-signed cert to the cacerts file, adding root CA certs and adding a local cert signed by the root CA

Also tried enabling ssl debugging on the runtime to get better diagnostics on the handshake.

What did you expect to see?

Flyway migration completes without errors

What did you see instead?

ERROR: Unable to obtain connection from database (jdbc:sqlserver://localhost:1433;instance=MSSQLSERVER;DatabaseName=OIG_DB;integratedSecurity=true) for user 'null': The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:0ca6080b-acad-4757-acc5-cc5c91eb7e7b

cajund commented 1 year ago

Have you tried this approach? I'm attempting it now.

https://www.joaorosa.io/2019/01/13/using-flyway-and-gitlab-to-deploy-a-mysql-database-to-aws-rds-securely/

skumar568 commented 10 months ago

Alternatively you can add ;Encrypt=True;TrustServerCertificate=True to your DB URL.