2

I am trying to connect to a remote MySQL database through an SSL connection using a Java application in Eclipse.

I am using VirtualBox to host the remote MySQL, which has a JDK. The SSL certificates are created in this guest machine (Linux). I am trying to connect from the host (Windows), which has its own JDK. Eclipse is installed on the host.

When I run the java application it throws this message:

jdbc:mysql://x.x.x.x:3306/xxxdb? verifyServerCertificate=true&useSSL=true&requireSSL=true+user+password

Mon Nov 14 17:23:53 SGT 2016 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

No: 1, tester1
No: 2, tester2
Closing database connection.
Closed!

The message says (excerpt):

..or set useSSL=true and provide truststore for server certificate verification.

My confusion is, since I have JDK in both host and guest, where do I execute the keytool command to import certificates into keystore for JVM to trust? Certificates are in guest machine, assumed remote.

Mark Rotteveel
Sundaram

2 Answers

1

You should run the command on the client (guest) machine once you imported the CA certificate.

If you would like to know more, please take a look at this link:

https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html

Henrique Martins
  • Thanks for your reply. But, my guest machine in vm is acting as the MySQL server. My host machine (Windows) will be the client connecting to VM (MySQL server). Anyway, I am testing the command in Linux. Will update once I get it right. – Sundaram Nov 14 '16 at 13:33
  • I don't know what I am doing wrong. After importing certificates using keytool into Mysql server (guest on Vbox) and executing Java app in Eclipse on Windows(host), I am getting following errors - Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) – Sundaram Nov 17 '16 at 01:10
  • Caused by: java.security.PrivilegedActionException: java.io.FileNotFoundException: \etc\ssl\mysql\mykeystore.p12 (The system cannot find the path specified) and Caused by: java.io.FileNotFoundException: \etc\ssl\mysql\mykeystore.p12 (The system cannot find the path specified). Does the program refer to local java path? If yes, how to set to remote java? – Sundaram Nov 17 '16 at 01:19
  • This could happen if you are not running the command prompt in administrator mode, type cmd and hit Ctrl+Shift+enter. This will open the command prompt in administrator mode. If not, you can also go to start -> all programs -> accessories -> right click command prompt and say run as administrator. – Henrique Martins Nov 17 '16 at 08:20
  • Going nowhere!! Below are the files created with openssl cachain.cert.pem client.cert.pem clientkey.pem mycacerts.jks server.cert.pem serverkey.pem. I have made a copy of java cacerts and stored in custom folder. #diff $JAVA_HOME/jre/lib/security/cacerts mycacerts.jks # echo $? 0 – Sundaram Nov 18 '16 at 02:36
  • I have created root and intermediate CA and self-signed server cert. All in PEM format. Shall I import cachain-cert.pem and server.cert.pem into mycacerts.jks? How do I inform java app to lookup the custom folder for trusted certs? – Sundaram Nov 18 '16 at 02:45
  • When I set "?verifyServerCertificate=true"+"&useSSL=true"+ "&requireSSL=true";, It throws error. When I set "?verifyServerCertificate=false"+"&useSSL=true"+ "&requireSSL=true";, It connects to db. But I want it to verifyServerCertificate. How can I do this? – Sundaram Nov 19 '16 at 11:48
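
Added example, not part of any post or comment above: one way to connect with verifyServerCertificate=true using the Connector/J 5.1 truststore properties is to build the truststore on the machine whose JVM opens the connection (the truststore path is resolved locally by that JVM) and point the driver at it. The class name, truststore file name, store password and command-line arguments are assumptions, and the CA chain file is assumed to contain only PEM certificate blocks.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.sql.*;
import java.util.Properties;

// Added example: class name, file names and password are assumptions.
public class VerifiedMysqlConnect {
    // Load every CA certificate in the PEM file into an in-memory truststore
    // (the programmatic equivalent of one "keytool -importcert" per CA).
    static KeyStore trustStoreFromPem(Path caPem) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // start empty: trust only the CAs we add
        int n = 0;
        try (InputStream in = Files.newInputStream(caPem)) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                ks.setCertificateEntry("mysql-ca-" + n++, c);
            }
        }
        if (n == 0) throw new IllegalArgumentException("no certificates found in " + caPem);
        return ks;
    }

    // Usage: java VerifiedMysqlConnect <host> <db> <user> <password> <ca-chain.pem>
    public static void main(String[] args) throws Exception {
        Path store = Paths.get("mysql-truststore.jks").toAbsolutePath(); // local to this JVM
        char[] storePass = "changeit".toCharArray();                     // constructed value
        try (OutputStream out = Files.newOutputStream(store)) {
            trustStoreFromPem(Paths.get(args[4])).store(out, storePass);
        }
        Properties p = new Properties();
        p.setProperty("user", args[2]);
        p.setProperty("password", args[3]);
        p.setProperty("useSSL", "true");
        p.setProperty("requireSSL", "true");
        p.setProperty("verifyServerCertificate", "true");
        // The driver reads the truststore from a URL resolved on the client machine.
        p.setProperty("trustCertificateKeyStoreUrl", store.toUri().toString());
        p.setProperty("trustCertificateKeyStoreType", "JKS");
        p.setProperty("trustCertificateKeyStorePassword", new String(storePass));
        try (Connection c = DriverManager.getConnection("jdbc:mysql://" + args[0] + ":3306/" + args[1], p);
             Statement st = c.createStatement();
             ResultSet rs = st.executeQuery("SHOW STATUS LIKE 'Ssl_cipher'")) {
            while (rs.next()) System.out.println(rs.getString(1) + " = " + rs.getString(2));
        }
    }
}
```

A non-empty Ssl_cipher value in the output indicates the session is encrypted; if the server certificate does not chain to a CA in the truststore, the connection attempt fails instead of falling back.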
1

You need to pass the parameter "useSSL=true" in your MySQL URL like this:

<property name="url" value="jdbc:mysql://localhost:3306/world?useSSL=true"/>
Hardik