Recently the company went through a level-three certification, and I have not had a chance to update the Java blog; I have been busy lately, so here is an update. One item in the level-three certification was quite interesting:
In most companies, a Tomcat JDBC connection to MySQL/MariaDB is typically configured like this:
db.default.driver=com.mysql.jdbc.Driver
db.default.url="jdbc:mysql://url.to.database/database"
db.default.user="..."       // MySQL user name
db.default.password="..."   // MySQL password
...                         // other tuning parameters
In other words, the user name, password, IP, port and some basic tuning are all you need.
However, if the database uses an SSL-encrypted connection, the connection must use a certificate. Out of interest I looked into it; the general process is as follows:
1. MySQL certificate configuration
[mysqld]
ssl                                  # enable SSL
ssl-ca=/etc/mysql/ssl/cacert.pem     # location of the CA file
ssl-cert=/etc/mysql/ssl/master.crt   # location of the certificate file
ssl-key=/etc/mysql/ssl/master.key    # location of the key file
2. Import the certificate with keytool
keytool -import -alias mysqlservercacert -file cacert.pem -keystore mysqlservercacertssl.jks
3. JDBC-related parameters:
e.g.
db.default.url="jdbc:mysql://url.to.database/test_db?verifyServerCertificate=true&useSSL=true&requireSSL=true"
verifyServerCertificate=true -- refuse the connection if the host's certificate cannot be verified (when using an SSL certificate).
useSSL=true -- use an SSL connection.
requireSSL=true -- refuse the connection if the MySQL server does not support SSL connections.
4. Specify your own mysqlservercacertssl.jks
export JAVA_OPTS="-Djavax.net.ssl.keyStore=/usr/local/etc/tomcat/certs/mysqlservercacertssl.jks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=/usr/local/etc/tomcat/certs/mysqlservercacertssl.jks -Djavax.net.ssl.trustStorePassword=password"
In general form:
-Djavax.net.ssl.keyStore=path_to_keystore_file -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=path_to_truststore_file -Djavax.net.ssl.trustStorePassword=password
5. Restart Tomcat
/etc/init.d/tomcat restart
6. Precautions:
6.1) Make sure MySQL supports SSL and that login verification works.
6.2) Account authorization.
6.3) Certificate permission management.
6.4) Consider the problems SSL can bring. (Analyze your actual situation case by case; otherwise it will cause many problems.)
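One way to confirm that steps 1 to 5 took effect, and to check precaution 6.1, is to open a JDBC session with the same SSL properties and ask the server which cipher the session negotiated. This is an added example, not code from the original article; the class name, the DB_USER / DB_PASSWORD environment variables and the use of the Ssl_cipher status variable are assumptions of the example, and it expects the MySQL Connector/J driver on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

// Added example, not from the original article. Run it with the same
// -Djavax.net.ssl.trustStore / trustStorePassword options as Tomcat.
public class MysqlTlsCheck {

    // Placeholder host and schema as in step 3; replace with your own.
    static final String URL = "jdbc:mysql://url.to.database/test_db";

    static Properties tlsProperties(String user, String password) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty("useSSL", "true");                  // negotiate SSL/TLS
        p.setProperty("requireSSL", "true");              // no plaintext fallback
        p.setProperty("verifyServerCertificate", "true"); // check against trust store
        return p;
    }

    // MySQL reports an empty Ssl_cipher value for an unencrypted session.
    static String sessionCipher(Connection c) throws SQLException {
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery("SHOW SESSION STATUS LIKE 'Ssl_cipher'")) {
            return rs.next() ? rs.getString(2) : "";
        }
    }

    public static void main(String[] args) {
        // DB_USER and DB_PASSWORD are assumed environment variables.
        String user = System.getenv("DB_USER");
        String password = System.getenv("DB_PASSWORD");
        if (user == null || password == null) {
            System.err.println("Set DB_USER and DB_PASSWORD first");
            System.exit(64);
        }
        try (Connection c = DriverManager.getConnection(URL, tlsProperties(user, password))) {
            String cipher = sessionCipher(c);
            boolean encrypted = cipher != null && !cipher.isEmpty();
            System.out.println(encrypted ? "OK: cipher " + cipher : "FAIL: session not encrypted");
        } catch (SQLException e) {
            // Typical causes: server without SSL, or CA missing from the trust store.
            System.err.println("FAIL: " + e.getMessage());
        }
    }
}
```

Running it once with the trust store from step 4 and once with an empty trust store shows whether verifyServerCertificate is actually being enforced: the second run should fail with a certificate error.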
This article is from the "Never give up! Ningzhiyuan" blog; reprinting is declined.
Tomcat JDBC certified MySQL SSL Encryption