如何使用Java配置与Azure托管的MySQL的SSL连接？

Question

On Azure I have found 4 certificates:

ClearDB CA Certificate
Client Certificate
Client Private Key
Client Certificate Bundle(for Windows only)

I have created trustStore with ClearDB CA like it was told here How to connect to a remote MySQL database via SSL using Play Framework?

keytool -import -alias mysqlServerCACert -file cleardb.pem -keystore truststore.jks

Set Systems properties like this:

System.setProperty("javax.net.ssl.trustStore", "path/truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");

Added parameters to jdbc url

?useSSL=true&requireSSL=true&verifyServerCertificate=true

But I still get Exception

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I'm really confused. Which certificate I should use. What for are other certificates? Will appreciate any help.

Answer 1

@OlegKuts, according to the ClearDB FAQ about enforce client SSL (or x.509) authentication as below, I think you should use the ClearDB CA certificate if it's got from ClearDB.

I need additional security options for my ClearDB cluster. How can I enforce client SSL (or x.509) authentication?

We operate our own CA, and we'll be happy to generate x.509 user authentication certificates for your account. Please send us a support request (login required) to get x.509 certificates.

Meanwhile, according to the ClearDB help & support page (its link for Java is not available, but please see the rear MySQL 5.5 link), you need to follow the MySQL connector document 5.5 Connecting Securely Using SSL to try again.