Running the client with SSL/TLS

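Basic SSL encryption on the client is enabled by setting the URL attribute ssl, the property ssl, or the data source attribute ssl to basic. This mode encrypts the connection; authenticating the server is configured separately, as described below.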

Example

Connection c = DriverManager.getConnection("jdbc:derby://myhost:1527/db;ssl=basic");

Running a client which authenticates the server

If the client wants to authenticate the server, then the client's trust store must contain the server's certificate. See Key and certificate handling.

Client SSL with server authentication is enabled by setting the URL attribute ssl or the property ssl to peerAuthentication. In addition, the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword must be set.

Example

System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
Connection c = 
   DriverManager.getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");

Running the client when the server does client authentication

If the server does client authentication, the client needs a key pair and a client certificate that is installed in the server's trust store. See Key and certificate handling.

The client needs to set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.

Example

System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
Connection c = DriverManager.getConnection("jdbc:derby://myhost:1527/db;ssl=basic");

Running the client when both parties do peer authentication

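This is a combination of the previous two variants: the client sets both the key store and the trust store properties and connects with ssl set to peerAuthentication.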

Example

System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
Connection c = 
   DriverManager.getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");
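
The combined case above as a complete client, added here as an example and not part of the original Derby documentation. It reads the store paths and passwords from environment variables instead of hard-coding them and checks each store before connecting; the class name and the DERBY_* variable names are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Collections;
import java.util.Properties;

public class DerbyTlsClient {
    // Environment variable names below are assumptions of this example.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException(name + " is not set");
        return v;
    }

    // Open the store with its password and fail early if it lacks the entry type needed.
    static void checkStore(String path, String pass, boolean needKey) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pass.toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (needKey ? ks.isKeyEntry(alias) : ks.isCertificateEntry(alias)) return;
        }
        throw new IllegalStateException(path + " has no "
                + (needKey ? "private key" : "trusted certificate") + " entry");
    }

    public static void main(String[] args) throws Exception {
        String trustStore = env("DERBY_TRUSTSTORE");
        String trustPass = env("DERBY_TRUSTSTORE_PASSWORD");
        String keyStore = env("DERBY_KEYSTORE");
        String keyPass = env("DERBY_KEYSTORE_PASSWORD");
        checkStore(trustStore, trustPass, false); // needs the server's certificate
        checkStore(keyStore, keyPass, true);      // needs the client's key pair

        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustPass);
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStorePassword", keyPass);
        Properties props = new Properties();
        props.setProperty("ssl", "peerAuthentication"); // the "property ssl" form
        try (Connection c = DriverManager.getConnection("jdbc:derby://myhost:1527/db", props)) {
            System.out.println("Connected to " + c.getMetaData().getURL());
        }
    }
}
```
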