Java: Import AWS RDS certificate

To establish secure connection between Java application and AWS MySQL RDS instance the ssl/tls certificate needs to be imported in to JVM.

Step #1: Find Java home

Using the following commands you can find the Java home directory:

whereis java
ls -l /etc/alternatives/java

Step #2: Backup existing cacerts file

Backup existing cacerts file for future reference:

cp $JAVA_HOME/lib/security/cacerts $JAVA_HOME/lib/security/cacerts.backup

Step #3: Download RDS certificate

Download the RDS certificate from AWS:

wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

Step #4: Import certificate

Import the certificate into the Java truststore:

keytool -import -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -alias aws-rds -file rds-combined-ca-bundle.pem

When prompted, type 'yes' to trust the certificate.