cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Crystal 2008 SSL 3.0 Connection to Salesforce fails

Go to solution
Former Member

on ‎08-13-2015 6:07 PM

0 Kudos

I am using Crystal 2008 to connect to Salesforce.com tables for some reports. Today I tried to run the reports and got an error message stating "javax.net.ssl.SSLHandshakeException failed".

The issue looks to be because Salesforce disabled SSL 3.0 Encryption. Does anyone know if Crystal 2008 can be switched from SSL 3.0 encryption to TLS 1.0 or TLS 1.1 encryption instead? I am trying to avoid the need to re-build this report and purchase Crystal 2013.

If this is not possible with CR 2008 does anyone know if a report built using CR 2008 will open in CR 2013 with no issues, or would it have to be rebuilt since CR 2013 connects to Salesforce using Simba ODBC drivers.

Any help is much appreciated.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

vitaly_izmaylov
Employee
Employee
‎08-13-2015 11:00 PM
0 Kudos

Salesforce.com changed Security certificate from SHA-1 to SHA-256 hash
algorithms. For more details read:

https://help.salesforce.com/apex/HTViewSolution?urlname=HTTPS-Security-Certificate-Switch-from-SHA-1...

Documented resolution in the following KBA:

2205572 - Failed to Open the conection. Crystal Reports and
salesforce.com certificate issue.

  Resolution

Rename the old certificate "cacerts": at the following location for CR 2008:

C:\Program Files (x86)\Business Objects\javasdk\jre\lib\security

to "cacerts_old".


Create a new new "cacerts" file with the content copied from the link suggested by SFDC:

http://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Ce...

and copy the new file to the same location.

For Crystal Reports 2011, the location would be:

  C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise
XI 4.0\win32_x86\jre\lib\security

Vitaly

Show replies
Show replies
Former Member
‎08-13-2015 11:44 PM
0 Kudos

Hi Vitaly,

That is an interesting article since we run NA10 and the timing of the change for our instance being Aug 12th makes sense since Crystal stopped working yesterday.

I clicked on the link for the certificate and copied the code (including the Begin certificate and end certificate lines) and put it in a new CACERTS  file located here: C:\Program Files (x86)\Business Objects\javasdk\jre\lib\security and then renamed the old file to CACERTS_OLD.

I now get an error stating Java.Net.SocketException: Unconnected Sockets not implemented.

Am I doing something wrong?

vitaly_izmaylov
Employee
Employee
‎08-14-2015 12:17 AM
0 Kudos

are you sure it is not .txt file? Sometimes the extension is hidden. This is how it should look in the Browser:

Because you should not be able to "put it in a new CACERTS  file located here: C:\Program Files (x86)\Business Objects\javasdk\jre\lib\security"

without renaming the original first.

Former Member
‎08-18-2015 11:31 PM
0 Kudos

I have renamed the file and then try to save as but it only wants to save as a text file for me. I have been using notepad and trying to save under the all files option. Is there an extension I should be using? or what type of file should I be saving as?

Former Member
‎08-19-2015 5:11 AM
0 Kudos

Hi Vitaly,

I think I have done everything right.  I copied the content of the file into a new file called cacerts. It is NOT a text file.  When I then try to log in I get the same error message Steve was getting. Java.Net.SocketException: Unconnected Sockets not implemented.  The file is only 2KB in size. Is that an indicator that I have done something wrong since your example of file size above shows 54KB? 

I have also tripled checked my password and security key to make sure those are correct while trying to log in. What am I missing or doing wrong?

Corinn

Former Member
‎08-19-2015 2:22 PM
0 Kudos

Here is what worked for me on a 64 bit Windows 7.

1. Make a copy of the cacerts file - from here: C:\Program Files (x86)\Business Objects\javasdk\jre\lib\security\.

2. Create a file in c: with Notepad named "VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem" by copying and pasting all the text found at this link: http://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Ce...

3. Go to Start and run cmd.exe.

4. Enter these three commands one at a time.  Copy the line from here, then do a right mouse click paste in the cmd window. Press Enter after each command

cd c:\

cd C:\Program Files (x86)\Business Objects\javasdk\jre\bin

If you are using 32 bit, you will need to change the Program Files folder name - remove the (x86) in the command below.

keytool -storepass changeit -import -keystore "C:\Program Files (x86)\Business Objects\javasdk\jre\lib\security\cacerts" -file "C:\VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem"

Answer 'yes' to the question.

Done.

Answers (3)

Answers (3)

Former Member
‎08-17-2015 10:54 AM
0 Kudos

I'm having the same issue using CRXI R2 does anyone have a solution that will work for this version ?

Show replies
Show replies
former_member183750
Active Contributor
‎08-17-2015 3:43 PM
0 Kudos

CR XI R2 has been out of support for a number of years. There will be no changes / fixes, etc. to CR XI R2. Recommend updating to SAP Crystal Reports 2013. A 30 day eval is here:

SME Free Trials | SME Software | SAP

- Ludek

vitaly_izmaylov
Employee
Employee
‎08-17-2015 4:18 PM
0 Kudos

CR XIR2 is out of support and we cannot even test the solution.

But I think solution should be similar.

Have you tried searching the Business Object folder for the cacerts file?

Vitaly

former_member1246651
Discoverer
‎08-16-2015 4:15 AM
0 Kudos

ive tried both methods and neither work.

Creating the new cacerts file or editing the registry key.

Show replies
Show replies
former_member183750
Active Contributor
‎08-13-2015 6:32 PM
0 Kudos

Hi Steve

I am not sure that this is actually directly related to SSL. See KBA 1454151 - "Error: Nested Exemptiion javax.net.ssl SSLHandShakeException"

Re. SSL and TLS, see KBA 2092680 - SAP Crystal Reports, Salesforce.com and SSL vulnerability




- Ludek

Senior Support Engineer AGS Product Support, Global Support Center Canada

Follow me on Twitter

Show replies
Show replies
Former Member
‎08-13-2015 6:53 PM
0 Kudos

Hi Ludek,

Thanks for replying. It is related to Salesforce no longer supporting SSL 3.0, I did confirm that with SAP. If you have any knowledge regarding whether CR 2008 can be switched to TLS 1.0 or 1.1 that is what I am trying to figure out. I just don't even know if that is a possibility, otherwise I would need to buy CR 2013.

Then the question is whether it is a smooth transition from a CR 2008 Salesforce report to a CR 2013 Salesforce report without rebuilding the whole thing.

former_member183750
Active Contributor
‎08-13-2015 7:26 PM
0 Kudos

Yes it can be "switched". See the KBAs please.

- Ludek

Former Member
‎08-13-2015 7:39 PM
0 Kudos

Hi Ludek,

Again thanks for responding so quickly. I did reference the KBA you mentioned however it is specific to CR 2011 not CR 2008.

If users have any concerns about security it is possible to disable the SSL 3.0 suing the following registry key for SAP Crystal Reports 2011 on 64 bit machine:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SAP BusinessObjects\Suite XI 4.0\Crystal Reports

“JVMOptions” =”-Dhttps.protocols=TLSv1”

However my path is:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BusinessObjects

Suite 12.0\Crystal Reports


I tried to add a new string value into the Crystal Reports folder with the below but it does not seem to help.


Name= JVMOptions

Data= -Dhttps.protocols=TLSv1”

Ask a Question