Configuring SSL for JDBC Clients

Configuring SSL Authentication for JDBC clients involves involves the following tasks:

  • Set required properties
  • Optionally run the SSL Debug Utility
  • Configure for SSL Mutual Mode (optional)

Set Required Properties

Set Properties When Location or the Keystore/Truststore Is Not the Default

If you are using a location or the keystore/truststore that is not the default, set the following system properties so that the JRE can find your keystore/truststore:

$ javax.net.ssl.keyStore
$ javax.net.ssl.trustStore

Set Properties When Keystore/Truststore Is Password Protected

If your keystore/truststore is password protected, set the following system properties so that the JRE has access to it:

$ javax.net.ssl.keyStorePassword
$ javax.net.ssl.trustStorePassword

Run the SSL Debug Utility

After configuring SSL for JDBC, optionally run the following command to enable the debug utility for SSL:

$ -Djavax.net.debug=ssl

You can use several debug specifiers (options) with the debug utility. The specifiers help narrow the scope of the debugging information that is returned. For example, you could specify one of the options that prints handshake messages or session activity.

For information on the debug utility and its options, see Debugging Utilities in the Oracle document, JSSE Reference Guide.

For information on interpreting debug information, refer to the Oracle document, Debugging SSL/TLS Connections.