Java: Import AWS RDS certificate

To establish secure connection between Java application and AWS MySQL RDS instance the ssl/tls certificate needs to be imported in to JVM.

Step #1: Find Java home

Using the following commands you can find the Java home directory

whereis java
ls -l /etc/alternatives/java

Step #2: backup existing cacerts file for future reference

cp $JAVA_HOME/jre/lib/security/cacerrts $JAVA_HOME/jre/lib/security/cacerrts.original

Here are the steps to import RDS certificate into JVM

wget https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
openssl x509 -outform der -in rds-ca-2019-root.pem -out rds-ca-2019-root.der
keytool -import -alias rds-root -keystore $JAVA_HOME/jre/lib/security/cacerrts -file rds-ca-2019-root.der
wget https://s3.amazonaws.com/rds-downloads/rds-ca-2019-us-west-2.pem
openssl x509 -outform der -in rds-ca-2019-us-west-2.pem -out rds-ca-2019-us-west-2.der
keytool -import -alias rds-intermediate -keystore $JAVA_HOME/jre/lib/security/cacerts -file rds-ca-2019-us-west-2.der

Step #3: Update JDBC url in your Java application

Here is the sample JDBC url with SSL enabled

jdbc:mysql://aws.rds.com/dname?useUnicode=true&characterEncoding=UTF8&verifyServerCertificate=true&useSSL=true&requireSSL=true

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: