im struggling (since a few days) to connect to our db2 database on an as400 over ssl. For the database connection im using jaydebeapi and to access the database with a secure connection i need to append the trustStore location and trustStore password to the JVM over a jpype function. Here is a snipped what ive done so far:
import jaydebeapi
import os
import jpype
import pandas as pd
from credentials_getter import get_db2_credentials
class i5Connection:
def __init__(self, user, password):
if jpype.isJVMStarted():
print("already started!")
filepath_script = os.path.dirname(os.path.abspath(__file__))
ssl_trust_store_location = filepath_script + "/database/java-certs.jks"
jar = filepath_script + '/database/jt400.jar'
jvm_path = jpype.getDefaultJVMPath()
jpype.startJVM(jvm_path,
'-Djava.class.path=%s' % jar,
'-Djavax.net.ssl.trustStore=%s' % ssl_trust_store_location +
'-Djavax.net.ssl.trustStorePassword=pw')
connection_string = 'jdbc:as400://172.17.0.1/library'
print(connection_string)
self.conn = jaydebeapi.connect('com.ibm.as400.access.AS400JDBCDriver',
connection_string,
{'user': user,
'password': password,
'secure': 'true'},
filepath_script + '/database/jt400.jar')
Right now im running into the following error message:
jpype._jexception.java.sql.SQLExceptionPyRaisable: java.sql.SQLException: The application requester cannot establish the connection. (PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
If i remove the trustStoreLocation, password from the startJVM call and the secure parameter for the jaydebeapi call, it works (without encryption) Can anyone please tell me what im doing wrong? Is there probably a good ibm documentation i didnt find yet?
Edit: Ive found a workaround: I just saved the certificate to the cacert manually via keytool: How do I import an existing Java keystore (.jks) file into a Java installation? not really a solution, but hopefully helpful if someone is stuck as well...
