Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to connect to MySQL with X509 using JDBC?

Tags:

mysql

ssl

jdbc

I've set up a MySQL (Community Server, 5.1) database server.

I've set up SSL, created certificates, etc.

I've created a user that has the REQUIRES X509 attribute.

I can connect using this user using the command line client "mysql" and the "status" command shows that SSL is active, etc.

I've followed exactly the instructions from the MySQL site about importing the certificates into Java truststore/keystore files.

I just cannot connect to the database using these.

If I use just the truststore file using a user with REQUIRES SSL then all is fine. Using the keystore file with a user with REQUIRES X509 just isn't having it.

There seems to be lots of evidence on the web of people struggling with this and not many answers. Has ANYONE actually got this working?

like image 503
Mark Matten Avatar asked Dec 13 '22 00:12

Mark Matten

1 Answers

Cracked, listed here, in my comment at the bottom of the page: http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-using-ssl.html

After LITERALLY SPENDING A WEEK DOING THIS I have finally managed to connect using a client certifiacte (REQUIRES X509 on the user defintion)!!!!

rem NOTE: these commands are run using the Java 6 (1.6) JDK as it requires the "-importkeystore" command
rem which is not available before this JDK version.

rem Import the self signed Certifacte Authority certificate into a keystore.
keytool -import -alias mysqlCACert -file ca-cert.pem -keystore truststore -storepass truststore
rem Shows only the signed certificate.
keytool -v -list -keystore truststore -storepass truststore

rem Create a PKCS12 file from an existing signed client certifcate and its private key.
rem set password to "keystore".
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -out client.p12 -name clientalias -CAfile ca-cert.pem -caname root
rem Import the combined certificate and private key into the keystore.
keytool -importkeystore -deststorepass keystore -destkeystore keystore -srckeystore client.p12 -srcstoretype PKCS12 -srcstorepass keystore -alias clientalias

Then specify the trusted certifcates file (the truststore) and the client certificate/key file (the keystore) in your Java application either via the connection URL, via the JVM start-up parameter arguments (-D=,...), or System.setProperty(var,val),...

It actually works!!!

like image 186
Mark Matten Avatar answered Dec 26 '22 03:12

Mark Matten
Sign in to Comment

Related questions

JDBC driver type used in Hibernate
DB Design Questions for eCommerce
MySQL IF Condition in Where Clause
Select Multiple Columns From Multiple Tables
Is it significantly better to use ISO-8859-1 rather than UTF-8 wherever possible?
How to update model from database in Visual Web Developer 2010 Express?
Select two or multiple tables from different databases [closed]
MySQL select all users who have not logged in for 30 days
MySQL - Export data, and ignore primary key. Then import using auto increment
Remove white space from concatenated string fields in MySQL
Is memcache data saved even after server restart?
MySQL UNION query with condition
How to recover from failed database query in CodeIgniter?
Why do results from a SQL query not come back in the order I expect?
1049, "Unknown database 'database' " django mysql can't connect
mysql - how to count number of records in an hour (datetime) using sql [duplicate]
mysql error when adding function
How to optimize MySQL table containing 1.6+ million records for LIKE '%abc%' querying
MySql order by related with today's date
Warning: mysql_result() expects parameter 1 to be resource, boolean given [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!