Java: Import AWS RDS certificate

To establish secure connection between Java application and AWS MySQL RDS instance the ssl/tls certificate needs to be imported in to JVM.

Step #1: Find Java home

Using the following commands you can find the Java home directory

whereis java
ls -l /etc/alternatives/java

Step #2: backup existing cacerts file for future reference

cp $JAVA_HOME/jre/lib/security/cacerrts $JAVA_HOME/jre/lib/security/cacerrts.original

Here are the steps to import RDS certificate into JVM

openssl x509 -outform der -in rds-ca-2019-root.pem -out rds-ca-2019-root.der
keytool -import -alias rds-root -keystore $JAVA_HOME/jre/lib/security/cacerrts -file rds-ca-2019-root.der
openssl x509 -outform der -in rds-ca-2019-us-west-2.pem -out rds-ca-2019-us-west-2.der
keytool -import -alias rds-intermediate -keystore $JAVA_HOME/jre/lib/security/cacerts -file rds-ca-2019-us-west-2.der

Step #3: Update JDBC url in your Java application

Here is the sample JDBC url with SSL enabled


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: