How to connect to MySQL server using SSL JDBC

Question

Hi I am trying to sign in to my MySQL db remotely using java. I created a remote account that requires SSL. I did this by following this guide: https://www.digitalocean.com/community/tutorials/how-to-configure-ssl-tls-for-mysql-on-ubuntu-16-04 .

Now once I am trying to connect to the DB Java throws this error:

WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

So I added this to my URL:

       + "&useSSL=true"
      + "&requireSSL=true";

But now it requires me to give it a trustStore and a trustStorePassword . Where or how can I find/create these?

My MySQL server is running on a VPS ubuntu server btw.

Answer 1

You can create and import the server's certificate with a keytool command :

keytool -import -alias mysql -file server-cert.pem -keystore mycerts -storepass changeit

where server-cert.pem is the mysql's certificate (which you can get by following the instructions under this link: http://do.co/2FaIK8F , mycerts will be your trustStore (will be created by the command), and trustStorePassword is changeit (of course, choose one)

server-cert.pem is the file mentioned in your tutorial, which contains the server's certificate.

You then need to add the trustStore to your Java using this code:

System.setProperty("javax.net.ssl.trustStore", "mycerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

Where changeit is the password you chose in the keytool command and where mycerts is the path to the trustStore.