Considerations for connecting to the Microsoft SQL
Server
Microsoft SQL
Server
The
BEMS
3.8 installer now includes the upgraded Microsoft SQL
Server
driver version 12.8.0 and supports Java
17. The upgraded driver assumes that the encryption is enabled by default. To allow BEMS
to communicate with the SQL Server
, the installer prepopulates the “Additional properties” with default settings during the installation and upgrade process, and in the dashboard, allowing BEMS
to function as it has in previous versions. Additional properties settings that have been configured in an existing BEMS
instance are retained. You can change the settings during installation or upgrade, and in the dashboard.
If you enable encryption for all data that is sent between
BEMS
and the SQL Server
, it may cause higher than normal CPU usage. You can configure the following settings to control how
BEMS
communicates with the SQL Server
: Additional properties settings | Description |
|---|---|
Encrypt=false | The default setting is prepopulated in "Additional properties”. The setting does not encrypt data that is sent between BEMS and the SQL Server or validate the TLS certificate from the SQL Server . For example, if the CA certificate that is signing your SQL Server certificate is imported into the Java certificate store, it is ignored. No additional action is required by the administrator. This setting allows the BEMS instance to function as it has in previous versions. |
Encrypt=true;trustServerCertificate=true | These settings use encryption that is set on the SQL Server for all the data that is sent between BEMS and the SQL Server , and the Microsoft SQL
Server driver does not validate the TLS certificate from the SQL Server . |
Encrypt=true;trustServerCertificate=false | This setting uses encryption that is set on the SQL Server , and the Microsoft SQL
Server driver validates the TLS certificate from the SQL Server to ensure that BEMS is connecting to the correct SQL Server . These settings provide the most security. Before you change the additional properties settings, verify the following:
SQL Server is not setup to require encryption or the certificate is not trusted by the Java certificate store, the following database connection error is returned: "Cannot connect to the DB: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed." |