SQL Upgrade : driver not able to establish secure connection.

HI,

While we are doing upgrade for SQL 2008 to 2014. We are getting below error logs on WIndows vCenter server.

As we saw over remote session vCenter services are not starting as expected. We saw this in the vpxd-svcs logs     Caused by: org.apache.commons.dbcp.SQLNestedException:Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints". ClientConnectionId:10f3cbae-b842-4240-82c5-66097c1c867f)     at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549)     at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388)    at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)     at com.vmware.cis.core.kv.impl.Provider.VCDBProviderFactory.getConnection(VCDBProviderFactory.java:120)     ... 93 more Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints". ClientConnectionId:10f3cbae-b842-4240-82c5-66097c1c867f     at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)     at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)    We run this command on database VM to see certificate   C:\Users\sa_kuldsing\Documents\openssl-1.0.2j-fips-x86_64\OpenSSL\bin>openssl s_ client -showcerts -no_ign_eof -connect localhost:1433  This was output that we get  WARNING: can't open config file: C:/OpenSSL/openssl.cnf CONNECTED(00000124) 4160:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177 : --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 308 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session:     Protocol  : TLSv1.2     Cipher    : 0000     Session-ID:     Session-ID-ctx:     Master-Key:     Key-Arg   : None     PSK identity: None    PSK identity hint: None     SRP username: None     Start Time: 1548158311     Timeout   : 300 (sec)     Verify return code: 0 (ok) ---This is similar output that we expected  CONNECTED(00000003) depth=0 /C=US/OU=*********/O=********/CN=*********** verify error:num=18:self signed certificate verify return:1 depth=0 /C=US/OU=*********/O=*******/CN=********* verify return:1 --- Certificate chain  0 s:/C=US/OU=*********/O=********/CN=**********    i:/C=US/OU=*********/O=********/CN=********** -----BEGIN CERTIFICATE----- MIIDGzCCAgMCBgFM28PcZTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEQ MA4GA1UECxMHcGFja21hbjEPMA0GA1UEChMGdm13YXJlMR8wHQYDVQQDExZ2Y2Fjkd qLFdH9824ui7AzmEy419VVpMKX5xCD1mgM8wTxJgiPf34sTo3Q9OXE9THVn/rR QtHeP7tqNiXzPtRUOas2M5RphxRpOlnRUi8Nckwisg== -----END CERTIFICATE----- ****

Kuldeep