I've created a Postgres database on an Amazon RDS instance with SSL enabled. The instance can be accessed from the command line using the cert file provided by Amazon (.pem). Now I want to connect to the database from within a Spring Boot application. I did some research, and it seems I have to install the cert in a keystore with the keytool command (Import PEM into Java Key Store). So I ran the following commands to generate the jks key:
openssl x509 -outform der -in rds-combined-ca-bundle.pem -out aws-cert.der
keytool -import -alias rds-key -keystore rds.jks -file aws-cert.der
keytool -list -keystore rds.jks
I also ran the command keytool -list -keystore rds.jks to list the keystore for validation.
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
rds-key, Oct 16, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): E8:11:88:56:E7:A7:CE:3E:5E:DC:9A:31:25:1B:93:AC:DC:43:CE:B0
After copying the rds.jks file to /src/main/resources, I added the following lines in application.properties for SSL:
server.ssl.enabled=true
server.ssl.key-alias=rds-key
server.ssl.key-password=xxx111
server.ssl.key-store=classpath:rds.jks
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS
However I got the error:
java.lang.IllegalArgumentException: java.io.IOException: Alias name [rds-key] does not identify a key entry
Why is the keystore not working?
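
The keytool listing above shows rds-key as a trustedCertEntry, while the error complains that the alias is not a key entry. As an added example (not part of the original post), this Java program draws the same distinction through the standard java.security.KeyStore API; the class name KeystoreEntryCheck and the wording of its output are assumptions made for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added example: classifies every alias in a JKS keystore by entry type.
public class KeystoreEntryCheck {

    // Describes which role an alias can play, based on its entry type.
    static String classify(KeyStore ks, String alias) throws Exception {
        if (ks.isKeyEntry(alias)) {
            // Private key plus certificate chain: can act as a TLS identity,
            // which is what a key-alias setting has to point at.
            return "key entry: usable as a key-store identity";
        }
        if (ks.isCertificateEntry(alias)) {
            // Certificate only (keytool prints trustedCertEntry): it can
            // verify a peer's certificate but holds no private key.
            return "trusted certificate: trust-store use only";
        }
        return "unknown entry type";
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystoreEntryCheck <keystore.jks>");
            System.err.println("(run from a terminal; the password is prompted)");
            System.exit(2);
        }
        // Prompt instead of taking the password on the command line, so it
        // does not end up in shell history or the process list.
        char[] password = console.readPassword("Keystore password: ");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + " -> " + classify(ks, alias));
        }
    }
}
```

Run against the rds.jks described above, it reports the single alias rds-key as a trusted certificate, matching the keytool listing.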