Basic SSL encryption on the client is enabled either by the URL attribute ssl, the property ssl, or the datasource attribute ssl set to basic.
Connection c = getConnection("jdbc:derby://myhost:1527/db;ssl=basic");
If the client wants to authenticate the server, then the client's trust store must contain the server's certificate. See Key and certificate handling.
Client SSL with server authentication is enabled by the URL attribute ssl or the property ssl set to peerAuthentication. In addition, the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set.
System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
Connection c =
getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");
If the server does client authentication, the client will need a key pair and a client certificate which is installed in the server's trust store. See Key and certificate handling.
The client needs to set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.
System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
Connection c = getConnection("jdbc:derby://myhost:1527/db;ssl=basic");
This is a combination of the last two variants.
System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
Connection c =
getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");