-
Notifications
You must be signed in to change notification settings - Fork 29
SSL connections
Using SSL connections can be achieved by writing each DB engine's specific SSL parameters in the JDBC URL string.
With any engine, java parameter -Djavax.net.debug=all can be used to show whether SSL is being used in the connections or not.
Check https://www.postgresql.org/docs/current/static/libpq-ssl.html for more information.
postgresql.jdbc=jdbc:postgresql://<POSTGRESQL SERVER>:<PORT>/<DATABASE>?ssl=true&sslmode=verify-ca&sslrootcert=<LOCAL PATH TO CERTIFICATE>%2Fcertificate.pem
-
sslrootcert can be omitted if certificate can be found in
~/.postgresql/root.crtor if the certificate is trusted by the Java keystore (either by being already present or by importing it - check https://jdbc.postgresql.org/documentation/93/ssl-client.html). - use
select * from pg_stat_sslto verify if connections are using SSL.
Check https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-configuration-properties.html for more information on JDBC URL properties and https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html for the SSL specific page.
mysql.jdbc=jdbc:mysql://<MYSQL SERVER>:<PORT>/<DATABASE>?useSSL=true&requireSSL=true&trustCertificateKeyStorePassword=<TRUST STORE PASSWORD>&trustCertificateKeyStoreUrl=file%3A%2F%2F<LOCAL PATH TO CERTIFICATE>%2Ftruststore