JDBC Connection To Oracle Database Using TCPS Fails With java.io.IOException: Keystore was tampered with, or password was incorrect
(Doc ID 2264057.1)
Last updated on JUNE 14, 2023
Applies to:
JDBC - Version 11.2.0.4.0 and laterInformation in this document applies to any platform.
Symptoms
TCPS connection from ColdFusion 2016 using Java 1.8.0 with JDBC 12.1.0.2 ojdbc7.jar fails with:
TCP connections work successfully.
Note: The issue is not specific to ColdFusion. It can happen with any application/web server.
STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Create a self-signed certificate in the database wallet
2. Export and import it into the java cacerts file used by ColdFusion .
3. Export the IIS server certificate and its certificate chain (as base 64 certificate files)
4. Import those certificates into the database wallet as trusted certificates.
5. Set SSL_CLIENT_AUTHENTICATION=FALSE in the sqlnet.ora (no client authentication)
6. Set ColdFusion java arguments: "-server -XX:MaxPermSize=256m -XX:+UseParallelGC -Xbatch -Dcoldfusion.home={application.home} -Dcoldfusion.rootDir={application.home} -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1 -Dcoldfusion.enablefipscrypto=true"
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |