Keystore was tampered with, or password was incorrect Trying To Connect From A Coldfusion JDBC Connection To Oracle Database Using TCPS (Doc ID 2264057.1)

Last updated on MAY 12, 2017

Applies to:

JDBC - Version 11.2.0.4.0 and later
Information in this document applies to any platform.

Symptoms

TCPS connection from ColdFusion 2016 using java 1.8.0 with JDBC 12.1.0.2 ojdbc7.jar fails with:



TCP connections work successfully.



STEPS
-----------------------
The issue can be reproduced at will with the following steps:

1. Create a self-signed certificate in the database wallet
2. Export and import it into the java cacerts file used by ColdFusion .
3. Export the IIS server certificate and its certificate chain (as base 64 certificate files)
4. Import those certificates into the database wallet as trusted certificates.
5. Set SSL_CLIENT_AUTHENTICATION=FALSE in the sqlnet.ora (no client authentication)
6. Set ColdFusion java arguments: "-server -XX:MaxPermSize=256m -XX:+UseParallelGC -Xbatch -Dcoldfusion.home={application.home} -Dcoldfusion.rootDir={application.home} -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1 -Dcoldfusion.enablefipscrypto=true"





Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms