[QUESTION] Why is the trustStoreType=Windows-ROOT connection string parameter required?

## Question
Why is the `trustStoreType=Windows-ROOT` (to make it use the Windows certificate trust store) connection string parameter required?

With com.microsoft.sqlserver:mssql-jdbc:12.2.0.jre11 the following connection string and jvm invocation successfully work:

```powershell
# connection string: jdbc:sqlserver://MSSQL:1433;database=master;user=alice.doe;password=my-password;encrypt=strict
# jvm invocation:
java `
    "-Djava.library.path=$jdbcAuthPath\x64" `
    -Djavax.net.ssl.trustStoreType=Windows-ROOT `
    -jar build/libs/example-1.0.0-all.jar
```

But in com.microsoft.sqlserver:mssql-jdbc:12.4.2.jre11 (or above) it fails with:

> Exception in thread "main" com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "strict" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Unless I add `;trustStoreType=Windows-ROOT` to the connection string.

Why do I need to do that? Shouldn't the driver try to populate it from the `javax.net.ssl.trustStoreType` system property?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[QUESTION] Why is the trustStoreType=Windows-ROOT connection string parameter required? #2691

Question

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[QUESTION] Why is the trustStoreType=Windows-ROOT connection string parameter required? #2691

Description

Question

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions