Starting with MS SQL JDBC driver version 10.2, TLS encryption is enabled by default. In CloverDX 6.4, the bundled MS SQL JDBC driver was updated to version 12.4.2, introducing a potentially backwards incompatible change (see Release notes for version 6.4) that might affect your jobs that connect to a Microsoft SQL database. 

If your SQL Server isn’t set up to require encryption, the default connection URL (jdbc.url=jdbc:sqlserver://hostname:1433;database=clover_db) will not work and will generate an error:

Cannot connect to the DB: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed.

For maximum security, enabling encryption in production environments is highly recommended. However, for non-production use cases or to work around this security policy, you can temporarily bypass this requirement by adding either of the following properties to your connection URL:

• trustServerCertificate=true (ignores server certificate validation - use with caution)
• encrypt=false (disables encryption entirely - not recommended for sensitive data)

For more information refer to Microsoft’s documentation for recommended security practices when connecting to SQL Server.

If you have a considerable number of database connections in your jobs that will need to be updated, you can leverage the fact that all jobs, metadata, parameters, and database connections in CloverDX are stored in text files within your sandboxes. This means that you can do bulk search and replace to add one of the properties to your connection URLs. At the same time, we recommend reducing the number of locations with identical configurations to further streamline management and maintenance by using externalized database connections.