Question & Answer
Question
We are installing Cloud Pak for Business Automation(CP4BA) 21.0.3 ifix012, and found IBM Content Navigator(ICN) Pod is always under not ready state, in the messages.log of ICN, we can see the following error indicating Microsoft SQL(MS SQL) JDBC driver connection failure:
0000003b SystemOut O CIWEB_SYNC Error: [ @ ] com.ibm.ecm.sync.WebAppListener.contextInitialized()
java.sql.SQLException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "com.ibm.jsse2.util.j: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:4c6dbd29-d603-4128-8b65-c9d6bd5e7e1d DSRA0010E: SQL State = 08S01, Error Code = 0
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3806)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1906)
As confirmed with MS SQL DBA, the database server is not configured as SSL port to external application.
Please help us to fix the issue.
Cause
The following parameter is missing from JDBC configuration files for ICN and also for Content Platform Engine(CPE)
trustServerCertificate="true"
Answer
Please apply the following steps as a workaround:
ICN side:
1) Logon NFS server, and locate the following path for ICN configuration override path
cd <nfs_root_folder>/<namespace>-icn-cfgstore-pvc-<random-string>
2) Create a file named zibm_ICNDS.xml. For the content, please refer the following link
https://github.com/ibm-ecm/container-samples/blob/5.5.8/ICN/configDropins/overrides/ICNDS_SQLServer.xml
<server>
<dataSource id="ECMClientDS" jndiName="ECMClientDS" isolationLevel="TRANSACTION_READ_COMMITTED" type="javax.sql.DataSource">
<jdbcDriver libraryRef="3ptLibrary"/>
<properties.microsoft.sqlserver
serverName="<hostname>"
portNumber="1433"
databaseName="ICNDB"
user="sa"
password="xxxxx"
encrypt="false"
trustServerCertificate="true"
/>
/>
<connectionManager enableSharingForDirectLookups="false" />
</dataSource>
</server>
CPE Side:
1) Logon NFS server, and locate the following path for CPE configuration override path.
cd <nfs_root_folder>/<namespace>-cpe-cfgstore-pvc-<random-string>
2) Create the following configuration files depending on actual GCD and ObjectStore databases setup.
zibm_GCD.xml
zibm_OS1.xml
...
zibm_OSn.xml
For the content, please refer the following link:
https://github.com/ibm-ecm/container-samples/blob/5.5.8/CPE/configDropins/overrides/OBJSTORE_SQLServer.xml
<server>
<dataSource id="FNOSDBDS" isolationLevel="TRANSACTION_READ_COMMITTED" jndiName="FNOSDBDS">
<jdbcDriver libraryRef="3ptLibrary"/>
<properties.microsoft.sqlserver
serverName="<hostname>"
portNumber="1433"
databaseName="FNOSDB"
user="sa"
password="xxxx"
encrypt="false"
trustServerCertificate="true"/>
</dataSource>
<dataSource id="FNOSDBDSXA" jndiName="FNOSDBDSXA" isolationLevel="TRANSACTION_READ_COMMITTED" type="javax.sql.XADataSource" supplementalJDBCTrace="true">
<properties.microsoft.sqlserver
serverName="<hostname>"
portNumber="1433"
databaseName="FNOSDB"
user="sa"
password="xxxxx"
encrypt="false"
trustServerCertificate="true"/>
<connectionManager enableSharingForDirectLookups="true" />
<jdbcDriver libraryRef="3ptLibrary"/>
</dataSource>
</server>
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001iUBAAY","label":"Use-\u003EFNCM App Usage"}],"ARM Case Number":"TS010408315","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"21.0.3"}]
Was this topic helpful?
Document Information
Modified date:
29 September 2022
UID
ibm16825083