In Liquibase Enterprise 8.5 MSSQL JDBC driver is updated from 8.4.1 to 12.4.0. Between these versions an important default behavior for the encrypt
parameter was changed from false
to true
. This guide covers how to navigate the potential issues caused by this update.
Solution 1: TrustServerCertificate (easier but less safe)
If the trustServerCertificate
property is enabled it will encrypt JDBC traffic. This means that your database is open to attacks and data leaks because authority certification is not mandatory. This means that your database is accessible to outside networks and can be insecure.
It is best to use this option only from a private network.
If you decide to use this option - you will need to add trustServerCertificate=true
to mssql_driver.properties
files. There are two files:
On the GUI level
On the CLI (hammer) level (repl folder)
Solution 2: Configure Truststore (more complicated, but safe)
Import the certificate which is used by your database into Java’s default Truststore. Java’s default Truststore is located in
PATH_TO_JAVA_HOME_USED_BY_DATICAL/lib/security/cacerts
and its default password ischangeit
.To import the certificate, run:
keytool -import -v -trustcacerts -alias YOUR_ALIAS_NAME -file PATH_TO_YOUR_CERTIFICATE -keystore PATH_TO_JAVA_HOME_USED_BY_DATICAL/lib/security/cacerts
Important note: PATH_TO_JAVA_HOME_USED_BY_DATICAL
← by default Liquibase Enterprise uses JRE which we provide with the installer (jre folder on the GUI level)
After it is successfully imported, the error should resolved. Learn more from MSSQL’s documentation: https://learn.microsoft.com/en-us/sql/connect/jdbc/configuring-the-client-for-ssl-encryption?view=sql-server-ver16
Solution 2A: Use a custom Truststore
If you have a custom Truststore and would like to use it instead of the Java’s default one follow the below instructions.
1. Implement your custom Truststore with the CLI or GUI by adding the two properties listed below into the mssql_driver.properties
file.
Refer to step 1 above in Solution 2 to find where the mssql_driver.properties
files are stored).
Properties:
trustStore
← path to the truststore, e.g.trustStore=/Users/datical/my_custom_store
trustStorePassword
← truststore password, e.g.trustStorePassword=Customstorepass