Symptom
-
Fail to login to Salesforce.com from Crystal Reports.
- Unable to refresh report based on Salesforce.com in Crystal Reports.
- All reports created in Crystal Reports off Salesforce.com are now failing, but were refreshing successfully before.
- When attempting to create or refresh a report bases on Salesforce.com in Crystal Reports, it fails with the error:
"Logon failed.
Details: Unexpected error
; nested exception is:
javax.netssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIK path building failed.
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to request target"
- Note: Images and data in this SAP Knowledge Base Article is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
- SAP Crystal Reports 2008
- SAP Crystal Reports 2011
- Salesforce.com
Reproducing the Issue
- In Crystal Reports, open a report based on Salesforce.com
- Refresh the report.
- After entering the Salesforce.com user credentials, it fails with the error like:
"Logon failed.
Details: Unexpected error
; nested exception is: javax.netssl.SSLHandshakeException ... "
Cause
- The reason it fails to connect to Salesforce.com, it is because Crystal Reports uses TLS 1.0 encryption to communicate with Salesforce.com, but Salesforce has disabled TLS 1.0 for security reason at the beginning of 2016. And it is now required for any external application to use TLS 1.1 or higher.
- For reference, see the Salesforce Knowledge Article 000221207
- This situation has been tracked under SAP Note 2256383
Resolution
- Crystal Reports TLS encryption was updated from using TLS 1.0 to using TLS 1.2 in the following product updates:
- Crystal Reports 2008
- Service Pack 6 - Fix Pack 6.7
- Service Pack 7 - Fix Pack 7.3
- Crystal Reports 2011
- Support Pack 11 - Patch 9
- Support Pack 12 - Patch 2
-
Limitation:
For Crystal Reports 2008, since TLS1.1 and higher version only support java 1.7+, and the default java version integrated in Crystal Reports 2008, and Crystal Reports 2011 is Java JVM 1.6. You have to manually modify the JavaDir64 value in CRConfig.xml file. Please refer to SAP Notes 2261716 to update CRConfig.xml file.No additional action for Crystal Reports 2011, since oracle Java 1.7 was already used.
Keywords
CR, SForce, Salesforce, TLS 1.0 , KBA , BI-RA-CR , Crystal Reports designer or Business View Manager , Problem
Product
Crystal Reports 2008 V1 ; SAP Crystal Reports 2011