I've been struggling with a MySQL SSL connection through JDBC.
I've already imported the CA cert into a custom JKS truststore and the client key and client cert, as PKCS12, into a custom JKS keystore, then passed them as parameters in the code below.
jdbc:mysql://hostname:port/dbname?useSSL=true&requireSSL=true&trustCertificateKeyStoreUrl=file:///path/to/truststore_mysql.ks&trustCertificateKeyStorePassword=mypass&clientCertificateKeyStoreUrl=file:///path/to/keystore_cert_mysql.ks&clientCertificateKeyStorePassword=mypass
but it didn't work because of:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Enabling SSL debug, I can see:
%% Invalidated: [Session-1, TLS_DHE_RSA_WITH_AES_256_CBC_SHA]
http-nio-8080-exec-4, SEND TLSv1 ALERT: fatal, description = certificate_unknown
http-nio-8080-exec-4, WRITE: TLSv1 Alert, length = 2
http-nio-8080-exec-4, called closeSocket()
The weird thing is that everything works when passing the keystore and truststore files as VM arguments.
-Djavax.net.ssl.keyStore=/path/to/keystore_cert_mysql.ks
-Djavax.net.ssl.keyStorePassword=mypass
-Djavax.net.ssl.trustStore=/path/to/truststore_mysql.ks
-Djavax.net.ssl.trustStorePassword=mypass
So the question is: why doesn't using the JDBC connection URL parameters work?
Thanks in advance and sorry for my English.
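
A diagnostic for the setup described in the question, added here as an example and not part of the original post: it opens both stores through the same file: URLs and password given in the JDBC URL and lists what each one contains. The class name StoreCheck is hypothetical, the JKS type is taken from the post's description, and the default paths and password are the post's placeholders.

```java
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): inspects the two stores named in the JDBC URL.
public class StoreCheck {

    // Loads a store from a file: URL, the same form the URL parameters use.
    static KeyStore open(String url, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // type assumed from the post
        try (InputStream in = URI.create(url).toURL().openStream()) {
            ks.load(in, password); // fails on a wrong password or unreadable file
        }
        return ks;
    }

    // Prints each alias, whether it holds a key or only a certificate, and the cert names.
    static void describe(String label, KeyStore ks) throws Exception {
        System.out.println(label + ": " + ks.size() + " entries");
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted certificate entry";
            System.out.println("  " + alias + " (" + kind + ")");
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.println("    subject = " + x.getSubjectX500Principal());
                System.out.println("    issuer  = " + x.getIssuerX500Principal());
            }
        }
    }

    public static void main(String[] args) {
        // Defaults are the placeholder values from the post; pass real ones as arguments.
        String trustUrl = args.length > 0 ? args[0] : "file:///path/to/truststore_mysql.ks";
        String keyUrl = args.length > 1 ? args[1] : "file:///path/to/keystore_cert_mysql.ks";
        char[] pass = (args.length > 2 ? args[2] : "mypass").toCharArray();
        try {
            describe("truststore", open(trustUrl, pass));
            describe("keystore", open(keyUrl, pass));
        } catch (Exception e) {
            System.out.println("could not inspect stores: " + e);
        }
    }
}
```

For the chain to validate, the truststore should show the CA as a trusted certificate entry whose subject matches the issuer of the server's certificate, and the keystore should show a key entry carrying the client certificate.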