Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
AWS Degraded - You may experience Community slowness, timeouts, or trouble accessing: LATEST HERE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
bsha2611
Contributor
Contributor
‎2021-04-15 01:09 PM

Connecting SSL encryption enabled RDS Oracle Instance through Talend 7.3

Hi Gurus,

We have a case where we want connect to Oracle RDS Instance that has SSL encryption. through tDBComponent in Talend 7.3

 

Below configuration in the tDBConnection component.

 

Database - Oracle

Connection Type: Oracle Custom

DB Version : Oracle 12-7

URL : "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<db host>)(PORT=5433))(CONNECT_DATA=(SID=<sid>)))"

Use SSL (checked)

TrustStore file: <path>/clientkeystore.jks

TrustStore password: <password>

Addition JDBC Parameters: "EncryptionMethod=SSL&CryptoProtocolVersion=TLSv1.2"

 

In addition while are using specific JVM arguments while running the job as below:

-Doracle.jdbc.J2EE13Compliant="true"

-Djavax.net.ssl.trustStoreType="JKS"

 

However when we execute this code we are getting the below errors:

java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection

at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:673)

at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:715)

at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:385)

at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:30)

at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:564)

at java.sql.DriverManager.getConnection(DriverManager.java:664)

at java.sql.DriverManager.getConnection(DriverManager.java:208)

Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection

at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:445)

at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:464)

at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:594)

at oracle.net.ns.NSProtocol.connect(NSProtocol.java:229)

at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1360)

at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:486)

... 10 more

Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.

at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:325)

at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:115)

at oracle.net.nt.ConnOption.connect(ConnOption.java:133)

at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:411)

... 15 more

Caused by: oracle.net.ns.NetException: Unable to initialize the trust store.

at oracle.net.nt.CustomSSLSocketFactory.getTrustManagerArray(CustomSSLSocketFactory.java:413)

at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:309)

... 18 more

Caused by: oracle.security.crypto.asn1.ASN1FormatException: Length is too big: takes 109 bytes

at oracle.security.crypto.asn1.ASN1Header.b(Unknown Source)

at oracle.security.crypto.asn1.ASN1Header.input(Unknown Source)

at oracle.security.crypto.asn1.ASN1Header.<init>(Unknown Source)

at oracle.security.crypto.asn1.ASN1ConstructedInputStream.<init>(Unknown Source)

at oracle.security.crypto.asn1.ASN1SequenceInputStream.<init>(Unknown Source)

at oracle.security.crypto.cert.PKCS12.input(PKCS12.java:153)

at oracle.security.crypto.cert.PKCS12.<init>(PKCS12.java:122)

at oracle.security.pki.OracleKeyStoreSpi.load(Unknown Source)

at oracle.security.pki.OracleKeyStoreSpi.engineLoad(Unknown Source)

at java.security.KeyStore.load(KeyStore.java:1445)

at oracle.net.nt.CustomSSLSocketFactory.getTrustManagerArray(CustomSSLSocketFactory.java:404)

 

If you have any insight on this issue, please provide your thoughts.

Labels (7)
438 Views
0 Likes
1 Reply
BMax
Contributor
Contributor
‎2022-04-01 01:35 AM

Per my experience, a network adapter related error is something to do with connectivity. Either WAF/NACL or firewall is blocking connection from your Talend server to the RDS endpoint. Once you have taken care of the connection issues, your should be able to telnet from your Talend job server to the RDS endpoint on the specific port it is listening on. If you are connecting via JDBC string, you will have to import the rds global and/or rds root ca certs to your Talend's $JAVA_HOME/jre/lib/security/cacerts. If you are connecting via https, then you will have to import the SSL cert of your web server (example.com) to the same cacerts file. If you are using a specific keystore.jks file in your Talend, you have to make amends to this file as above.

438 Views
0 Likes