You can translate the question and the replies:

Connecting to SSL Enabled Denodo Using NodeJS and JDBC

I am trying to connect to Denodo to obtain access to a view using a web app created from Node JS and the jdbc library. I was able to figure out how to successfully connect to a non SSL version of Denodo but I would like to know how to do it for an SSL version too. I went through the Denodo documentation and the jdbc documentation for additional parameters that I can include for SSL connections. The jdbc documentation states that driver parameters from the database should be used. Unfortunately, Denodo only has ssl. I used https and fs from the npm library to enable https connections on the domain. (FYI, SSL is already enabled on the Denodo server and client). I also created self signed certificates for server authentication which were added to Chrome to remove the error message about the page being unsafe when I access the URL. Although the server runs and renders the index page, I get the error **java.sql.SQLException: connection error: Cannot trust the server to establish a SSL connection** when attempting to access other pages. Something may be wrong with my configuration, but I don't think that's the issue since there aren't any other parameters for SSL that can be added or were improperly set. There's a step I missed in between but I'm not sure if it's missing a set of certificates or not configuring something with them.
user
14-09-2020 09:38:36 -0400

4 Answers

Hi, I can successfully connect to SSL enabled Denodo. In order to secure the communication between the Denodo server and its JDBC clients, I would set the Java system property** javax.net.ssl.trustStore** to point to the TrustStore that contains the certificate used by the Denodo servers. Regarding the error** java.sql.SQLException: connection error: Cannot trust the server to establish a SSL connection**, it usually occurs when SSL is enabled in Virtual DataPort Server but the certificate is not imported into the trust store of the client. As the browser is a third-party application (it does not look to cacerts file at all), it does not trust the self-signed certificate that we imported using the .jks file. So to enable the browser to trust the certificate in Chrome, I would perform the following steps in the browser: * Navigate to Settings> Privacy and security > More> Manage Certificate * Select the Trusted Root Certification Authorities tab * Click Import and import the .cer file into the Trusted Root Certification Authorities store. To get more information, you can have a look at the sections [Enabling SSL/TLS for External Clients](https://community.denodo.com/docs/html/browse/latest/platform/installation/postinstallation_tasks/enable_ssl_connections_in_the_denodo_platform_servers/enabling_ssl_for_external_clients#enabling-ssl-tls-for-external-clients) of the Denodo Platform Installation Guide and [JDBC Driver Parameters](https://community.denodo.com/docs/html/browse/latest/vdp/developer/access_through_jdbc/parameters_of_the_jdbc_connection_url/parameters_of_the_jdbc_connection_url#jdbc-driver-parameters) of the Virtual DataPort Developer Guide. Hope this helps!
Denodo Team
16-09-2020 00:06:57 -0400
Thanks for responding. Based on the documentation from the jdbc module and Denodo jdbc drivers, this is my current config. const config = { url: URL=jdbc:vdb://<host>:<port>/database_name?ssl=true, drivername: 'com.denodo.vdp.jdbc.Driver', user: @username, password: @password, minpoolsize: 2, maxpoolsize: 3 }; I have **javax.net.ssl.trustStore** already set to the location of the cacerts file as suggested in the Enabling SSL/TLS for External Clients article. In addition, I was wondering if you also used https and fs to setup an https server in NodeJS for connection. Did you create the .cer file or does it already exist somewhere in a Denodo folder? If so, how do we create one or where do we find it? Currently, I already have a .key and .pem file that was generated using openssl that I imported in the Trusted Root Certification Authorities tab.
user
16-09-2020 09:33:54 -0400
I wanted to add some edits to my previous post. Is the .cer file the certificate that was originally created and imported to a trust store according to **Obtaining and Installing an SSL/TLS Certificate**? Other than adding it to the Trusted Root Certification Authorities store, do I need to explicitly state it inside the code for my application? The .key and .pem files were used inside my application's source code generated a certificate inside Chrome which I copied and then added to the Trusted Root Certification Authorities store in Chrome.
user
16-09-2020 18:02:21 -0400
Hi, As mentioned in my previous answer, I would import the **.cer file** into the Trusted Root Certification Authorities store of Chrome to enable Chrome to trust the certificate to make a successful connection with SSL enabled Denodo. If you still need help and if you are a valid support user, I would suggest you to raise a support ticket in the Denodo Support Site so that our support team can help you. Hope this helps!
Denodo Team
22-09-2020 08:25:15 -0400
You must sign in to add an answer. If you do not have an account, you can register here