After installing Foglight in FIPS mode and importing the CA certificates into the FIPS TrustStore, the connection to the SQL Server FMS repository fails with the following error:
YYYY-MM-DD hh:mm:s.SSS FATAL [forge-startup] com.quest.nitro.service.upgrade.db.DatabaseUpgradeService - Fatal error connecting to database. Shutting down Foglight server... Check and make sure your database configuration is correct and the database server is up running.
java.lang.RuntimeException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "FIPS mode: only SunJSSE TrustManagers may be used". ClientConnectionId:916a52f1-3e61-4e7f-b618-59c18880315d)
With FIPS mode enabled, when using the "server.database.url" parameter in "$FMS_HOME/config/server.config" to specify a custom database connection URL, the "fips=true" flag needs to be manually added to the connecting string.
For example:
server.database.url = "jdbc:sqlserver://;serverName=dbhostaname;portNumber=1433;database=databasename;ssl=request;encrypt=true;fips=true;";
Note: If not using a custom connection URL and FIPS mode is enabled, the server should automatically build the database connection URL with the 'fips=true' flag based on the individual database connection parameters.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center