https://community.cloudera.com/t5/Support-Questions/DBCPConnectionPool-1-28-1-Cannot-create/m-p/412800#M253688 <P>Hello!</P><P>I have a NiFi 1.28 instance running on a Oracle Linux Server 9.6. I'm trying to connect to a Microsoft SQL Server database using a&nbsp;DBCPConnectionPool 1.28.1 controller, with a mssql-jdbc-13.2.1.jre11.jar driver, but I'm getting a very confusing error:</P><P><SPAN>Failed to establish Database Connection: java.sql.SQLException: Cannot create PoolableConnectionFactory ("encrypt" property is set to "false" and "trustServerCertificate" property is set to "true" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: Certificates do not conform to algorithm constraints.</SPAN></P><P>&nbsp;</P><P><SPAN>Here is what I've already tried to fix this error:</SPAN></P><P><SPAN>- Import the self signed certificate&nbsp;(from the database machine) into the $JAVA_HOME truststore<BR />- change the default cypto policy with:&nbsp;</SPAN></P><PRE>update-crypto-policies --set DEFAULT:SHA1</PRE><P>- Relax the java security restrictions by going into the&nbsp;java.security file and commenting the&nbsp;jdk.certpath.disabledAlgorithms and&nbsp;jdk.tls.disabledAlgorithms properties</P><P>- Tried accessing the database itself within the machine's terminal, which works just fine (so it is a NiFi issue)</P><P>- Tried connecting with the properties&nbsp;encrypt=false;trustServerCertificate=true; on the connection string and all of it's 3 variations (true/true, true/false and false/false)</P><P>Is this a known issue or am I missing a configuration? Any help is appreciated and I'm down to answering any questions to help solve this issue. Thank you very much.</P> Fri, 31 Oct 2025 11:34:50 GMT enguias 2025-10-31T11:34:50Z https://community.cloudera.com/t5/Support-Questions/DBCPConnectionPool-1-28-1-Cannot-create/m-p/412800#M253688 <P>Hello!</P><P>I have a NiFi 1.28 instance running on a Oracle Linux Server 9.6. I'm trying to connect to a Microsoft SQL Server database using a&nbsp;DBCPConnectionPool 1.28.1 controller, with a mssql-jdbc-13.2.1.jre11.jar driver, but I'm getting a very confusing error:</P><P><SPAN>Failed to establish Database Connection: java.sql.SQLException: Cannot create PoolableConnectionFactory ("encrypt" property is set to "false" and "trustServerCertificate" property is set to "true" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: Certificates do not conform to algorithm constraints.</SPAN></P><P>&nbsp;</P><P><SPAN>Here is what I've already tried to fix this error:</SPAN></P><P><SPAN>- Import the self signed certificate&nbsp;(from the database machine) into the $JAVA_HOME truststore<BR />- change the default cypto policy with:&nbsp;</SPAN></P><PRE>update-crypto-policies --set DEFAULT:SHA1</PRE><P>- Relax the java security restrictions by going into the&nbsp;java.security file and commenting the&nbsp;jdk.certpath.disabledAlgorithms and&nbsp;jdk.tls.disabledAlgorithms properties</P><P>- Tried accessing the database itself within the machine's terminal, which works just fine (so it is a NiFi issue)</P><P>- Tried connecting with the properties&nbsp;encrypt=false;trustServerCertificate=true; on the connection string and all of it's 3 variations (true/true, true/false and false/false)</P><P>Is this a known issue or am I missing a configuration? Any help is appreciated and I'm down to answering any questions to help solve this issue. Thank you very much.</P> Fri, 31 Oct 2025 11:34:50 GMT https://community.cloudera.com/t5/Support-Questions/DBCPConnectionPool-1-28-1-Cannot-create/m-p/412800#M253688 enguias 2025-10-31T11:34:50Z https://community.cloudera.com/t5/Support-Questions/DBCPConnectionPool-1-28-1-Cannot-create/m-p/412809#M253693 <P>Hello&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/123332">@enguias</a>,&nbsp;</P><P>Sometimes this error could be for an old algorithm such as SHA-1. And most possible if using Java 11 that is more strict with the policies.&nbsp;</P><P>One option is to use connection without TLS, if possible and acceptable in your environment:&nbsp;</P><LI-CODE lang="markup">jdbc:sqlserver://&lt;host&gt;:&lt;port&gt;;databaseName=&lt;DB&gt;;encrypt=disable</LI-CODE><P>Or, update the certificate to SHA-256 with TLS 1.2.&nbsp;<BR />This is the best option if you prefer to maintain the encryption.&nbsp;<BR />Maybe this documentation from SQL can help too:&nbsp;<BR /><A href="https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver17" target="_blank">https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver17</A>&nbsp;</P> Tue, 04 Nov 2025 16:29:07 GMT https://community.cloudera.com/t5/Support-Questions/DBCPConnectionPool-1-28-1-Cannot-create/m-p/412809#M253693 vafs 2025-11-04T16:29:07Z