Spring Boot connection to Postgresql with SSL

Question

I have a Spring Boot application (version 2.1.1) using Postgresql 9.6 as database. I have to connect to the db via SSL with sslmode=verify-ca. What I have done till now is to set in the Application.properties file the property

spring.datasource.url=jdbc:postgresql://`url`:`port`/`db`?
    ssl=true&
    sslmode=verify-ca&
    sslcert=`path_to_client_cert`&
    sslkey=`path_to_client_key`&
    sslrootcert=`path_to_ca_cert`

Is there a way to specify the ssl properties in some others spring properties and not in the connection url?

Also, there is the possibility to specify relative paths for the certificates instead of using the absolute paths?

Answer 1

I used a relative path for a certificate I placed in src/main/resources and that worked just fine:

jdbc:postgresql://db_host:db_port/db_name?
    sslmode=require&
    sslrootcert=`my_root_certificate.crt`

It appears the URL is the only place to specify these parameters. You could do interpolation with environment variables as well.

Answer 2

I was not able to get it working with org.postgresql.ssl.NonValidatingFactory

I appended ?sslmode=verify-full to the end of the connection string.

By default it will use org.postgresql.ssl.LibPQFactory

By default it will look for certificates under $HOME/.postgresql/ as follows:

org.postgresql.PGProperty.SSL_ROOT_CERT; root.crt
org.postgresql.PGProperty.SSL_CERT; postgresql.crt
org.postgresql.PGProperty.SSL_KEY; postgresql.pk8

To convert your private key to pk8 format:

openssl pkcs8 -topk8 -inform PEM -outform DER -in postgresql.key -out postgresql.pk8 -nocrypt