Certificate Exception connecting to Azure SQL with JDBC with default connection string (the one the management console says to use)

Question

I'm wanting to connect to an Azure SQL Server from jdbc.

I copy the connection string from the azure management console. It is something like:

jdbc:sqlserver://XXXX.database.windows.net:1433;database=YYYY;user=ZZZZZ@XXXX;password=PPPPPPPPPPP;encrypt=true;hostNameInCertificate=*.database.windows.net

When I try and connect with this value I get the following error:

com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization. The server name is *.database.windows.net, the name in certificate is data.am2-1.database.windows.net.

Then if I change the *.database.windows.net to data.am2-1.database.windows.net as it says in the exception it works fine.

So is it a problem to set this name? I feel like if it is a wild card as default then it is probably going to change? and when it does I assume I won't be able to connect anymore. Has anyone else had this issue? I am using the most up to date jdbc drivers for SQL Server that I could find.

Answer 1

You can also add trustServerCertificate=true in your connection string, but it's not recommended from a security perspective.

Answer 2

I've got the same issue on JDBC driver version 4.1, downgrading to 4.0 resolved issue

Answer 3

Turns out an upgrade of the sql server jdbc version to version 4.0 cleaned up the issue.