SAP Knowledge Base Article - Public

2475960 - Error: 'Logon failed. Unexpected error; nested exception is:javax.netssl.SSLHandshakeException..." when refreshing a report based off in Crystal Reports


  • Fail to login to from Crystal Reports.
  • Unable to refresh report based on in Crystal Reports.
  • All reports created in Crystal Reports off are now failing, but were refreshing successfully before.
  • When attempting to create or refresh a report bases on in Crystal Reports, it fails with the error:
       "Logon failed. 
        Details: Unexpected error
        ; nested exception is: 
                    javax.netssl.SSLHandshakeException: PKIK path building failed.
        unable to find valid certification path to request target"
       Sforce - SSL Changed.png
  • Note: Images and data in this SAP Knowledge Base Article is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.


  • SAP Crystal Reports 2008
  • SAP Crystal Reports 2011

Reproducing the Issue

  1. In Crystal Reports, open a report based on
  2. Refresh the report.
  3. After entering the user credentials, it fails with the error like:
       "Logon failed. 
        Details: Unexpected error
        ; nested exception is: javax.netssl.SSLHandshakeException ... " 


  • The reason it fails to connect to, it is because Crystal Reports uses TLS 1.0 encryption to communicate with, but Salesforce has disabled TLS 1.0 for security reason at the beginning of 2016. And it is now required for any external application to use TLS 1.1 or higher.
  • For reference, see the Salesforce Knowledge Article 000221207
  • This situation has been tracked under SAP Note 2256383


  • Crystal Reports TLS encryption was updated from using TLS 1.0 to using TLS 1.2 in the following product updates:
    • Crystal Reports 2008
      • Service Pack 6 - Fix Pack 6.7
      • Service Pack 7 - Fix Pack 7.3
    • Crystal Reports 2011
      • Support Pack 11 - Patch 9
      • Support Pack 12 - Patch 2        
  • Limitation:

    For Crystal Reports 2008, since TLS1.1 and higher version only support java 1.7+, and the default java version integrated in Crystal Reports 2008, and Crystal Reports 2011 is Java JVM 1.6. You have to manually modify the JavaDir64 value in CRConfig.xml file. Please refer to SAP Notes 2261716 to update CRConfig.xml file.

    No additional action for Crystal Reports 2011, since oracle Java 1.7 was already used.


CR, SForce, Salesforce, TLS 1.0 , KBA , BI-RA-CR , Crystal Reports designer or Business View Manager , Problem


Crystal Reports 2008 V1 ; SAP Crystal Reports 2011