Server Certificate Verification Failed: Connection Aborted

This entry details the typical causes of the error and proposes solutions to resolve it.

Date Entered: 2/14/2020    Last Updated: 2/14/2020

When connecting to a data source, it is possible to encounter SSL issues, such as the error described in this entry. Out of all our providers, this is particularly common when configuring a connection to a Splunk server for the first time.

Cause of the Error

When establishing an SSL connection, the client machine is presented with a certificate from the server. Once received, the client machine will then check the system to see whether various aspects of the certificate are valid. The factors considered in validation include, but are not limited to, the following:

  • Certificate validity dates
  • Whether the name of the server host matches the certificate's CN
  • Whether the certificate issuing authority is trusted

Possible Solutions

As it relates to CData products, the resolution for this error consists of three possible ways to address the SSLServerCert connection. Depending on what is prioritized, one of the following solutions may be preferred over another:

  1. The simplest resolution for the error is to set the SSLServerCert connection property to "*". Doing so will force the driver to accept the first certificate provided to it. This is the least secure option but may be the only option if the server lacks a valid certificate at the time of connection. This method will at least be the fastest option to allow for successful SSL negotiation.
  2. Provided the server has a valid certificate, this certificate can also be supplied to this property as well. This can take the form of either the literal contents of the certificate itself or a path to a local file that stores the certificate. Doing so should ensure that the driver will accept this certificate when it is provided by the server.
  3. Another option does not involve setting the SSLServerCert property at all. Instead, the public key of the server's certificate issuing authority can be installed in the client machine's trusted certificate authority store. Upon doing so, the driver should be able to detect the trusted authority in the store, and accept the server's certificate.

We appreciate your feedback.  If you have any questions, comments, or suggestions about this entry, please contact our support team at support@cdata.com.