Lucee encrypted JDBC connection to Informix (CORRECTED)

Steven_Durette · May 13, 2021, 6:34pm

All,

(Corrected to show all text)

I’m trying to do an encrypted connection (SSL/TLS) through JDBC to Informix. I have the latest JDBC drivers 4.50.JC5, and I can make an unencrypted connection to an Informix database, but when I try to do an encrypted connection it fails. I have imported the Informix Server’s public key into cacerts and I have connection string settings to turn on the SSL connection but it always fails.

Any one have any ideas, or is there some reason that Lucee cannot do this type of connection?

Here are example connection strings (redacted):
Working Non-Encrypted:
URL: jdbc:informix-sqli://{server}:{port}/{dbname}:INFORMIXSERVER=
Class: com.informix.jdbc.IfxDriver

Not working Encrypted:
URL: jdbc:informix-sqli://{server}:{port}/{dbname}:INFORMIX_SERVER={servername};SSLCONNECTION=true;SSL_TRUSTSTORE=C:/path/to/cacerts;SSL_TRUSTSTORE_PASSWORD={cacertpassword};
Class: com.informix.jdbc.IfxDriver

Note: In the encrypted {servername} is NOT the same as {server}. It is set up that way on the Informix server (I have no control over this server, I just have to get data from it).

I have tried various url parameters, but have had no luck.

Info and stack trace below.

Thanks,
Steve

OS: Windows Server 2016 (10.0) 64 bit
Java Version: openjdk 11.0.7 2020-04-14 LTS
Tomcat Version: 9.0.31
Lucee Version: 5.3.6.61

The latest error is:
Message: Connection not established
NativeErrorCode: -79730
SQLState: IX000
StackTrace:
lucee.runtime.exp.DatabaseException: Connection not established at com.informix.util.IfxErrMsg.buildExceptionWithMessage(IfxErrMsg.java:416) at com.informix.util.IfxErrMsg.buildException(IfxErrMsg.java:397) at com.informix.util.IfxErrMsg.getSQLException(IfxErrMsg.java:379) at com.informix.jdbc.IfxStatement.validate(IfxStatement.java:192) at com.informix.jdbc.IfxStatement.executeUpdateBody(IfxStatement.java:316) at com.informix.jdbc.IfxStatement.executeUpdate(IfxStatement.java:212) at com.informix.jdbc.IfxSqliConnect.setTransactionIsolation(IfxSqliConnect.java:2810) at com.informix.jdbc.IfxSqliConnect.setDatabaseLocale(IfxSqliConnect.java:3056) at com.informix.jdbc.IfxSqliConnect.setDatabaseOpen(IfxSqliConnect.java:2926) at com.informix.jdbc.IfxSqli.callsetDatabaseOpen(IfxSqli.java:2527) at com.informix.jdbc.IfxSqli.executeOpenDatabase(IfxSqli.java:1806) at com.informix.jdbc.IfxSqliConnect.(IfxSqliConnect.java:1751) at com.informix.jdbc.IfxDriver.connect(IfxDriver.java:167) at lucee.runtime.db.DataSourceSupport._getConnection(DataSourceSupport.java:122) at lucee.runtime.db.DataSourceSupport.getConnection(DataSourceSupport.java:98) at lucee.runtime.db.DatasourceConnectionPool.loadDatasourceConnection(DatasourceConnectionPool.java:155) at lucee.runtime.db.DatasourceConnectionPool.getDatasourceConnection(DatasourceConnectionPool.java:116) at lucee.runtime.db.DatasourceManagerImpl.getConnection(DatasourceManagerImpl.java:81) at lucee.runtime.tag.Query.executeDatasoure(Query.java:1074) at lucee.runtime.tag.Query._doEndTag(Query.java:672) at lucee.runtime.tag.Query.doEndTag(Query.java:552) at views.admin.testdatasources_cfm$cf.call(/views/admin/testDatasources.cfm:28) at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:945) at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:837) at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:818) at framework.one_cfc$cf.udfCallb(/framework/one.cfc:1875) at framework.one_cfc$cf.udfCall(/framework/one.cfc) at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:106) at lucee.runtime.type.UDFImpl._call(UDFImpl.java:344) at lucee.runtime.type.UDFImpl.call(UDFImpl.java:217) at lucee.runtime.type.scope.UndefinedImpl.call(UndefinedImpl.java:779) at lucee.runtime.util.VariableUtilImpl.callFunctionWithoutNamedValues(VariableUtilImpl.java:785) at lucee.runtime.PageContextImpl.getFunction(PageContextImpl.java:1710) at framework.one_cfc$cf.udfCall5(/framework/one.cfc:868) at framework.one_cfc$cf.udfCall(/framework/one.cfc) at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:106) at lucee.runtime.type.UDFImpl._call(UDFImpl.java:344) at lucee.runtime.type.UDFImpl.call(UDFImpl.java:217) at lucee.runtime.ComponentImpl._call(ComponentImpl.java:680) at lucee.runtime.ComponentImpl._call(ComponentImpl.java:568) at lucee.runtime.ComponentImpl.call(ComponentImpl.java:1898) at lucee.runtime.listener.ModernAppListener.call(ModernAppListener.java:436) at lucee.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:215) at lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:42) at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2416) at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2406) at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2381) at lucee.runtime.engine.Request.exe(Request.java:43) at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1127) at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1073) at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:97) at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.microsoft.azure.appservice.filters.AppServiceFilter.doFilter(AppServiceFilter.java:35) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.microsoft.azure.appservice.EasyAuthFilter.doFilter(EasyAuthFilter.java:47) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834)

Terry_Whitney · May 14, 2021, 1:49pm

Make sure port 9089 is open for outbound and inbound in your firewall on both hosts.
Make sure you are using FQDN or if you can not, then put a host entry on both machines X.X.X.X. SERVER-WEB
X.X.X.X SERVER-INFORMIX
make sure you import the certificate for your informix database to your tomcat / lucee instance
try to debug at the command line on the server that is trying to make the connection.

java -Djavax.net.debug=ssl:handshake:verbose:keymanager:trustmanager -Djava.security.debug=access:stack  JavaHttpsClient https://SERVERIP:SERVERPORT 1

Sceiffer · October 25, 2021, 3:09pm

First of all, how did you install the IBM Informix JDBC driver? I was trying to do it as I put the *.JAR file in {ColdFusion Root}\lib folder, but I couldn’t find a similar folder in Lucee. My driver version is 4.50.6 and I’ve found it at https://javalibs.com/artifact/com.ibm.informix/jdbc

Steven_Durette · October 25, 2021, 6:39pm

I dropped it in the same folder as the Lucee jar. I also tried putting it in the tomcat lib directory.