Connect to MySQL in RDS using Java Connector/J and SSL

April 2019

Views

307 time

1

I am struggling to get my Java code (that uses HikariCP) to connect with my database on AWS RDS using SSL. I can connect with the database using MySQL Workbench, I just can't find out how to configure the MySQL Connector/J 5.1.45 driver to access the database using SSL.

Currently this is my HikariCP properties file:

jdbcUrl=jdbc:mysql://mypath.jqwejrkq4568833.us-east-1.rds.amazonaws.com:3306/myschema
username=myusername
password=mypassword
dataSource.cachePrepStmts=true
dataSource.prepStmtCacheSize=250
dataSource.prepStmtCacheSqlLimit=2048
dataSource.useServerPrepStmts=true
dataSource.useLocalSessionState=true
dataSource.useLocalTransactionState=true
dataSource.rewriteBatchedStatements=true
dataSource.cacheResultSetMetadata=true
dataSource.cacheServerConfiguration=true
dataSource.elideSetAutoCommits=true
dataSource.maintainTimeStats=false
dataSource.clientCertificateKeyStoreUrl=file://truststore
dataSource.clientCertificateKeyStorePassword=123456
dataSource.useSSL=true
dataSource.verifyServerCertificate=true
dataSource.requireSSL=true

The truststore file was generated with the RDS certificate from here; it's on my classpath root since it's in my resources folder from Maven. I really want to provide my own truststore file to the MySQL Connector/J driver so this program can be moved around without having to configure the truststore from the environment (this is very useful for me because my code runs locally on GlassFish but on the cloud on AWS Lambda, and who knows where it will run tomorrow).

When I try to get a connection using this configuration I get the following error:

com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot open file://truststore [truststore]

At first I thought my truststore URL was wrong, but if I change it to something like this:

dataSource.clientCertificateKeyStoreUrl=file:///truststore

The error changes to:

com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot open file:///truststore [\truststore (The system cannot find the file specified)]

Which indicates to me that the first URL was correct.

I have no idea what I am doing wrong or how to fix this. The truststore was generated with the following command:

'C:\Program Files\Java\jre1.8.0_151\bin\keytool.exe' -importcert -alias AwsRdsMySqlCACert -file rds-combined-ca-bundle.pem -keystore truststore -storepass 123456

I have no idea what I am doing wrong, which leads me to the question:

What's wrong with my truststore file then?


EDIT:

Digging deeper I could find the cause of the Exception:

com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot open file://truststore [truststore]

is:

java.net.UnknownHostException: truststore

I don't know what this means since my database URL is correct because it's the same I use in MySQL Workbench.

0 answers
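
Added example, not part of the original post: it shows how `java.net.URL` splits the two `file:` URLs quoted above into host and path, which is where the `UnknownHostException: truststore` comes from, and how a keystore stored at the classpath root can be turned into a URL for Connector/J 5.1's `trustCertificateKeyStore*` properties (the driver's truststore settings, as opposed to the `clientCertificateKeyStore*` client-certificate settings). The class name `TruststoreUrlDemo` is hypothetical; the resource name `/truststore` and the password are taken from the post.

```java
import java.net.URL;
import java.util.Properties;

public class TruststoreUrlDemo {

    // Show how java.net.URL splits a file: URL into host and path.
    // With only two slashes, the text after "//" is parsed as a host name.
    static String describe(String spec) throws Exception {
        URL u = new URL(spec);
        return spec + " -> host='" + u.getHost() + "' path='" + u.getPath() + "'";
    }

    // Build Connector/J 5.1 SSL driver properties for a truststore URL.
    // The trustCertificateKeyStore* properties hold the CA certificates used
    // to verify the server; clientCertificateKeyStore* is for a client cert.
    static Properties sslProperties(URL truststore, String password) {
        Properties p = new Properties();
        p.setProperty("useSSL", "true");
        p.setProperty("requireSSL", "true");
        p.setProperty("verifyServerCertificate", "true");
        p.setProperty("trustCertificateKeyStoreUrl", truststore.toString());
        p.setProperty("trustCertificateKeyStoreType", "JKS");
        p.setProperty("trustCertificateKeyStorePassword", password);
        return p;
    }

    public static void main(String[] args) throws Exception {
        // The two URLs from the post: the first has host "truststore" and an
        // empty path, the second has no host and the path "/truststore".
        System.out.println(describe("file://truststore"));
        System.out.println(describe("file:///truststore"));

        // Resolve the keystore from the classpath root (assumed location,
        // e.g. src/main/resources/truststore in a Maven project). The result
        // is a file: or jar: URL that is valid wherever the program runs.
        URL ts = TruststoreUrlDemo.class.getResource("/truststore");
        if (ts == null) {
            System.out.println("No /truststore resource on the classpath");
            return;
        }
        // Password value as given in the post; load it from configuration
        // rather than source code in a real deployment.
        Properties ssl = sslProperties(ts, "123456");
        ssl.forEach((k, v) -> {
            boolean secret = k.toString().endsWith("Password");
            System.out.println(k + "=" + (secret ? "<redacted>" : v));
        });
    }
}
```

The resulting properties are ordinary JDBC driver properties, so they can be merged with `user` and `password` and passed to `DriverManager.getConnection(jdbcUrl, props)`.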