Azure WebJobs 无法使用加密通信连接到 SQL

Question

我有一个在 Azure 上作为 WebJob 运行的 Java 应用程序。此作业尝试连接到我的 Azure SQL Server。如果加密开启，我会收到连接错误：

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.".

如果encrypt = false 连接正常。

Azure 中资源之间的通信不应该一直加密吗？

另外，如果我在本地运行应用程序，数据库连接以加密模式成功连接。

Answer 1

首先，我应该解释一下 Azure SQL DB 始终默认使用加密连接。您看到的错误是关于 验证您正在与之通信的服务器的身份，这是 SSL 握手的一部分。 [这里有一些关于这个想法的解包。] (https://security.stackexchange.com/questions/1779/how-does-an-ssl-server-prove-its-identity)

我在MSDN thread 的答案中解开了与 Azure SQL 数据库的通信加密，但我会将相关部分带到这里：

When using Azure SQL DB, connections are encrypted even when the connection
string does not include those portions we recommend. 
...
Encryption occurs only if there is a verifiable server certificate,
otherwise the connection attempt fails.

正如MSDN article 所述，您的错误源于以下情况：

If the encrypt property is set to true and the trustServerCertificate 
property is set to false and if the server name in the connection string 
does not match the server name in the SQL Server SSL certificate, the 
following error will be issued: The driver could not establish a secure 
connection to SQL Server by using Secure Sockets Layer (SSL) encryption. 
Error: "java.security.cert.CertificateException: Failed to validate the
server name in a certificate during Secure Sockets Layer (SSL) initialization."

显然，SQL Server 4.0 的 JDBC 驱动程序似乎可以解决这个错误： Azure VM Fails to Connect to Azure SQL Service

Certificate Exception connecting to Azure SQL with JDBC with default connection string (the one the management console says to use)