来自 Java JDBC 的 Azure VM 的 Azure SQL 数据库连接问题

Question

We have a java project in an Azure virtual machine (VM), and need connect to Azure SQL db by JDBC connection, so we use the JDBC connection string provided by Azure SQL db as follows:

"jdbc:sqlserver://ZZZdbserver.database.windows.net:1433;database=ZZZ;user=*****;password=*****;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;"

but we got an exception:

"java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.
 The server name is *.database.windows.net, the name in certificate is cr2.eastus1-a.control.database.windows.net."

then we updated the JDBC connection string to:

"jdbc:sqlserver://ZZZdbserver.database.windows.net:1433;database=ZZZ;user=*****;password=*****;encrypt=true;trustServerCertificate=false;hostNameInCertificate=cr2.eastus1-a.control.database.windows.net;loginTimeout=30;"

but we got another exception:

org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Cannot open server "ZZZ1" requested by the login.  The login failed.)

where "ZZZ1" is our username for the Azure VM.

Any idea to solve this issue?

Answer 1

By default, Azure VM has not blocked the outbound connection to the Internet. You could first verify the network connectivity from your VM to the Azure SQL database via running the command telnet ZZZdbserver.database.windows.net 1433 in CMD or Test-NetConnection -computer ZZZdbserver.database.windows.net -port 1433 in Powershell. If it fails, you may check if there is any firewall blocking this database connection or port or your application is listening on that port or your SQL database is online.

Additionally, if the network connectivity has succeeded, you could verify if the username or password is correct when you are using to connect to your database. Make sure there is not any typo. Also, the username should have enough privileges to access this database. You can try to access this database via Server admin login in the properties of the SQL database. Moreover, you could refer to this sample code to use Java to connect to access the Azure SQL database.

When using the Microsoft JDBC Driver for SQL Server to connect to an Azure SQL Database . You should note this:

• Appending the server name to the userId in the connection string

Prior to the 4.0 version of the Microsoft JDBC Driver for SQL Server, when connecting to an Azure SQL Database, you were required to append the server name to the UserId in the connection string. For example, user@servername. Beginning in version 4.0 of the Microsoft JDBC Driver for SQL Server, it's no longer necessary to append @servername to the UserId in the connection string.

• Using encryption requires setting hostNameInCertificate

Prior to the 7.2 version of the Microsoft JDBC Driver for SQL Server, when connecting to an Azure SQL Database, you should specify hostNameInCertificate if you specify encrypt=true (If the server name in the connection string is shortName.domainName, set the hostNameInCertificate property to *.domainName.). This property is optional as of version 7.2 of the driver.

Hope this helps.

Answer 2

If I need set encrypt=true, and hostNameInCertificate=cr2.eastus1-a.control.database.windows.net. Where do I need get the certificate for cr2.eastus1-a.control.database.windows.net from Azure SQL DB's service?