[SQLServer] 최신 JDBC(10.2.0) 사용시 SSL(Secure Sockets Layer) 암호화 에러발생

 

SQL Server JDBC 10.2.0 사용하여 JAVA Application 구동시 SSL 관련 에러가 발생한다.

JDBC Maven Dependency

<dependency>
    <groupId>com.microsoft.sqlserver</groupId>
    <artifactId>mssql-jdbc</artifactId>
    <version>10.2.0.jre11</version>
</dependency>

에러내용

com.microsoft.sqlserver.jdbc.SQLServerException

[2022-02-18 17:02:26.790] [INFO ] [restartedMain] AppStarter:59 - Started AppStarter in 12.229 seconds (JVM running for 13.207)
[2022-02-18 17:02:31.032] [INFO ] [http-nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]:173 - Initializing Spring DispatcherServlet 'dispatcherServlet' 
[2022-02-18 17:02:31.033] [INFO ] [http-nio-8080-exec-1] o.s.web.servlet.DispatcherServlet:524 - Initializing Servlet 'dispatcherServlet' 
[2022-02-18 17:02:31.054] [INFO ] [http-nio-8080-exec-1] o.s.web.servlet.DispatcherServlet:546 - Completed initialization in 21 ms 
[2022-02-18 17:02:31.178] [INFO ] [http-nio-8080-exec-1] com.zaxxer.hikari.HikariDataSource:110 - HikariPool-1 - Starting... 
[2022-02-18 17:02:31.766] [ERROR] [http-nio-8080-exec-1] com.zaxxer.hikari.pool.HikariPool:595 - HikariPool-1 - Exception during pool initialization. 
com.microsoft.sqlserver.jdbc.SQLServerException: 드라이버가 SSL(Secure Sockets Layer) 암호화를 사용하여 SQL Sever로 보안 연결을 설정할 수 없습니다. 오류: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:8a029f18-fb62-4a3c-9cc2-ada2c5452653
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3680)
	at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:2113)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:3204)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2833)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:2671)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1640)
	at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:936)
	at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:138)
	at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:353)
	at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:201)
	at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:473)
	at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:562)
	at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:115)
	at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:112)
	at org.springframework.jdbc.datasource.DataSourceTransactionManager.doBegin(DataSourceTransactionManager.java:262)
	at org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:378)
... 생략 ...	
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
	... 121 common frames omitted

 

해결방법은 설정파라미터 jdbc-url 에서 SQL Server TLS 인증서의 유효성을 검사하지 않아도 되는 인증된 서버라는 값(encrypt=true;trustServerCertificate=true)을 설정해주면 된다. 

datasource.driver-class-name=com.microsoft.sqlserver.jdbc.SQLServerDriver
datasource.jdbc-url=jdbc:sqlserver://<IP>;databaseName=DB;encrypt=true;trustServerCertificate=true datasource.username=사용자명
datasource.password=암호

개인적인 생각으로는 보안이 점점 강력해 지면서 SSL 접속 기본설정이 true로 설정되어 문제가 발생된 것 같아 보인다.

 

공식사이트 - https://docs.microsoft.com/ko-kr/sql/connect/jdbc/connecting-with-ssl-encryption?view=sql-server-ver15 

암호화를 사용하여 연결 - JDBC Driver for SQL Server

JDBC-URL 파라미터 안내 - MS SQLServer 공식사이트