Maria 2-Way SSL Authentication with java

You are viewing an old version of this question. View the current version here.

Tried to connect java with MariaDB 2-Way SSL Authentication.

I created CA, Server and client certificate using below mentioned link: https://mariadb.com/docs/server/security/data-in-transit-encryption/create-self-signed-certificates-keys-openssl/

Used this below steps to format the client certificate: Followed this document: https://mariadb.com/kb/en/using-tls-ssl-with-mariadb-java-connector/

Convert client cert to PkCS12 format:

Command: openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -out keystore.PKSC12 -name "mariadbAlias" -passout pass:mypassword

Convert PKCS12 file to keystore:

Command: keytool -importkeystore -deststorepass mypassword -destkeypass mypassword -destkeystore Keystore -srckeystore keystore.PKSC12 -srcstoretype PKCS12 -srcstorepass mypassword -alias "mariadbAlias"

MariaDB driver version: 3.4.1

Case 1:

Java connection string: jdbc:mariadb:localhost:3307/mysql?user=user&password=pwd&sslMode=VERIFY_CA&serverSslCert=C:
ca-cert.pem&keyStore=C: keystore&keyStorePassword=mypassword

Case 2: Also tried to import ca-cert.pem file to JRE\lib\security\cacerts file. Used this below url for this case: jdbc:mariadb:localhost:3307/mysql?user=user&password=pwd&sslMode=VERIFY_CA&keyStore=C: keystore&keyStorePassword=mypassword

Exception occurred in both the case: Caused by: javax.net.ssl.SSLException: readHandshakeRecord Suppressed: java.net.SocketException: An established connection was aborted by the software in your host machine

How to create CA, server, client certificate in MariaDB. And how to convert client certificate to keystore. What is the extract connection string to connect with Java?

Can please provide solution for this issue?

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.