IBM Support

Receiving a "com.microsoft.sqlserver.jdbc.SQLServerException" error when using a map that contains a Java User Exit to connect to an external database.

Troubleshooting


Problem

A map which uses a custom java program to connect to an external database to retrieve data issues the following error in the Tx.log:

com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Cause

The User Exit had worked in an earlier version of Sterling Integrator (525) but when the map was migrated to a 6.2.1 SI system, the code does not work and issues the above stack trace. The cause is with a new version of a JDK used by Sterling Integrator, the java code needed to have the connection string updated.

The issue to them is clearly related to the Java code being used in the user exit from the map. The map is simply trying to retrieve a value from your custom Java code via that user exit.

When your code is running as part of the virtual machine (VM) used by the calling application, the way it connects to the database is affected by the environment’s security settings. In this case, the exception shows that the Java code is failing to establish a secure SSL connection to SQL Server because the server’s SSL certificate is not trusted by the JVM. This is a common issue when the required certificate is not imported into the JVM truststore, or when the JDBC connection string is not configured to trust the server certificate.

Resolving The Problem

To resolve the issue, you first must make sure you compile the java code with the same JDK that is used by the Sterling Integrator system. Then follow one of the three options below:

 

Option 1: Import the SQL Server Certificate into the JVM Truststore

 1. Export the SQL Server’s SSL certificate (ask your DBA or use a browser/openssl).

 2. Import it into the JVM truststore used by B2Bi:

     keytool -import -alias sqlserver -file server-cert.cer -keystore $JAVA_HOME/lib/security/cacerts  (Default password is usually changeit.)

Option 2: Temporarily Trust the Server Certificate

. In your JDBC connection string, set: trustServerCertificate=true

Option 3: Use a Valid CA-Signed Certificate Have your SQL Server admin install a certificate signed by a CA trusted by your JVM.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"ARM Category":[{"code":"a8m50000000CjqzAAC","label":"Translation-\u003EUser Exit"}],"ARM Case Number":"TS020310149","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1.0;5.2.0;5.2.1;5.2.2;5.2.3;5.2.4;5.2.5;5.2.6;6.0.0;6.0.1;6.0.2;6.0.3;6.1.0;6.1.1;6.1.2;6.2.0;6.2.1;6.2.2"}]

Document Information

Modified date:
16 December 2025

UID

ibm17251149

Page Feedback