Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Java use SSL for database connection

I am currently making a connection to my database without using SSL. I now would like to utilize SSL. The way I have it set up, is my database source is in config.

DB_SOURCE=jdbc:mysql://myDatabaseInfo:3306/DB_NAME?
DB_USER=dbUser
DB_PW=dbPw

I can get the SSL connection to work by calling my program with the following arguments

-Djavax.net.ssl.trustStore=path\to\truststore
-Djavax.net.ssl.trustStorePassword=myPassword

I can also get it to work by changing the env variables in the code itself

dbSource += "?useSSL=true";
System.setProperty("javax.net.ssl.trustStore", "path\to\truststore");  
System.setProperty("javax.net.ssl.trustStorePassword", "myPassword");  
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection(dbSource, dbUser, dbPw); 

However, my goal is to make the SSL connection without making any changes to my code and without having to change the VM arguments I use. Is there a way I can set my source to include this information?

Something like:

jdbc:mysql://myDatabaseInfo:3306/DB_NAME?useSSL=true&trustCertificateKeyStoreUrl=path\to\truststore&trustCertificateKeyStorePassword=myPassword

I tried this exactly and it doesn't work, ideally I could just add the info to the config I already have so that I don't have to make changes in more than one place. Any ideas?

like image 644
Marianna Avatar asked Dec 20 '12 20:12

Marianna


1 Answers

Suggestion 1: put your trust store instead of the java's trust store, or import your certificate into the java's trust store: ${java.home}/lib/security/cacerts

Suggestion 2: Write your own driver extending com.mysql.jdbc.Driver. Put the SSL configuration into the new code. Although you need to code, but not in the main application. Not sure if it's acceptable for you.

like image 110
Tarlog Avatar answered Nov 10 '22 02:11

Tarlog