How to configure spring boot application to use SSL/TLS over MySQL?
Solution 1
You need to add the "*.pem" files (cert and key) in a keystore and the CA in a "truststore".
This link explains well how to create your own keystore and truststore [link] http://roopindersingh.com/programming/converting-pem-certificates-and-private-keys-to-jks/
After you have to add in JVM paramaters
-Djavax.net.ssl.keyStore=/path/to/keystore/keystore.jks
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=/path/to/keystore/truststore.jks
-Djavax.net.ssl.trustStorePassword=password
Solution 2
Check my answer: https://stackoverflow.com/a/51879119/173149
I don't like to pollute java
options or system properties, which are useless in application containers in any case...
You can set SSL certificate for MySQL connection programmically with:
jdbc:mysql://example.com:3306/MYDB?verifyServerCertificate=true&useSSL=true&requireSSL=true&clientCertificateKeyStoreUrl=file:cert/keystore.jks&clientCertificateKeyStorePassword=123456&trustCertificateKeyStoreUrl=file:cert/truststore.jks&trustCertificateKeyStorePassword=123456
It is documented:
- https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-configuration-properties.html
- https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html
Youssouf Maiga
Updated on August 17, 2020Comments
-
Youssouf Maiga almost 4 years
I set up SSL on my MySQL server.
I generated few certicates for CA (ca.pem, ca-key.pem), for client (client-cert.pem, client-key.pem) and server (server-cert.pem and server-key.pem).
In spring boot configuration file, here is the link to MySQL defined in application.yml file : jdbc:mysql://host:3306/bdd_name?useUnicode=true&characterEncoding=utf8&useSSL=true&requireSSL=true
I verify that my certicates are with openssl verify and I verify also by using a mysql client to set up a connection.
How to set the link Spring Boot application to my certificates (I have *.pem files) to finish my configuration ?