jdbc:mysql://localhost:3306/MyDb?verifyServerCertificate=true&useSSL=true&requireSSL=true
I downloaded the public certificate from the mySql server and put it into cacerts like this:
keytool.exe -import -alias mysql_dev \
-keystore /c/dev/tools/Java/jre1.8.0_131/jre/lib/security/cacerts \
-file rds-combined-ca-bundle.pem
I generated new keys using keytool
like this:
keytool.exe -genkeypair -alias adam \
-keypass changeit \
-keysize 1024 \
-keystore /c/dev/.secure/haa2xt.jks \
-storepass changeit
So now I can see that Java is picking up both my key from the keystore and the server certificate from the truststore, but still I'm getting the PKIX
error.
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I added this debug param to the command line and got some more info which all looks good, and I can see the mySql certificate in there.
-Djavax.net.debug=all
trustStore is: c:\dev\tools\java\jdk1.8.0_131\jre\lib\security\cacerts
trustStore type is : jks
[.....]
keyStore is : C:/dev/.secure/haa2xt.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
*** found key for : adam
What have I done wrong?