Azure WebJobs无法使用加密通信连接到SQL

Question

我有一个Java应用程序作为Azure上的WebJob运行。此作业尝试连接到我的Azure SQL Server。如果加密开启，则出现连接错误：

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.". 

如果encrypt = false连接正常。

Azure中资源之间的通信是否应该始终进行加密？

此外，如果我在本地运行应用程序，则数据库连接将以加密模式成功连接。

Answer 1

首先，我应该解释一下，Azure SQL DB总是默认为加密连接。您看到的错误是说作为SSL握手的一部分验证您正在与之通信的服务器的身份。 [有这样的想法在这里的一些拆包。（https://security.stackexchange.com/questions/1779/how-does-an-ssl-server-prove-its-identity）

我打开通信的加密与Azure的SQL数据库中的答案对这个MSDN thread - 但我会在这里把相关部分：

When using Azure SQL DB, connections are encrypted even when the connection 
string does not include those portions we recommend. 
... 
Encryption occurs only if there is a verifiable server certificate, 
otherwise the connection attempt fails. 

你的错误，在此MSDN article概述的，产生于以下情况：

If the encrypt property is set to true and the trustServerCertificate 
property is set to false and if the server name in the connection string 
does not match the server name in the SQL Server SSL certificate, the 
following error will be issued: The driver could not establish a secure 
connection to SQL Server by using Secure Sockets Layer (SSL) encryption. 
Error: "java.security.cert.CertificateException: Failed to validate the 
server name in a certificate during Secure Sockets Layer (SSL) initialization." 

显然，JDBC驱动程序的SQL Server 4.0可能会解决此错误： Azure VM Fails to Connect to Azure SQL Service

Certificate Exception connecting to Azure SQL with JDBC with default connection string (the one the management console says to use)