Java: Import AWS RDS certificate
June 22, 2021
To establish a secure connection between a Java application and an AWS MySQL RDS instance, the SSL/TLS certificate needs to be imported into the JVM.
Step #1: Find Java home
Using the following commands, you can find the Java home directory:
whereis java
ls -l /etc/alternatives/java
Step #2: Back up the existing cacerts file for future reference
cp $JAVA_HOME/jre/lib/security/cacerts $JAVA_HOME/jre/lib/security/cacerts.original
Here are the steps to import the RDS certificates into the JVM:
wget https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
openssl x509 -outform der -in rds-ca-2019-root.pem -out rds-ca-2019-root.der
keytool -import -alias rds-root -keystore $JAVA_HOME/jre/lib/security/cacerts -file rds-ca-2019-root.der
wget https://s3.amazonaws.com/rds-downloads/rds-ca-2019-us-west-2.pem
openssl x509 -outform der -in rds-ca-2019-us-west-2.pem -out rds-ca-2019-us-west-2.der
keytool -import -alias rds-intermediate -keystore $JAVA_HOME/jre/lib/security/cacerts -file rds-ca-2019-us-west-2.der
Step #3: Update the JDBC URL in your Java application
Here is a sample JDBC URL with SSL enabled:
jdbc:mysql://aws.rds.com/dname?useUnicode=true&characterEncoding=UTF8&verifyServerCertificate=true&useSSL=true&requireSSL=true
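The backup and import steps above as a re-runnable script, added here as an example and not part of the original post. It goes beyond the post in two ways: it also looks for cacerts under $JAVA_HOME/lib/security (the Java 9+ layout), and it refuses to import a certificate whose SHA-256 fingerprint does not match a value you supply. The function names, the STOREPASS variable and the fingerprint placeholder are assumptions; changeit is the JDK's default truststore password.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Print the default truststore path under a Java home.
# Java 8 and earlier: <home>/jre/lib/security/cacerts; Java 9+: <home>/lib/security/cacerts.
find_cacerts() {
    for candidate in "$1/jre/lib/security/cacerts" "$1/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no cacerts file found under $1" >&2
    return 1
}

# Copy the truststore to <file>.original once; a later run never
# overwrites the pristine copy with an already modified truststore.
backup_cacerts() {
    [ -e "$1.original" ] || cp -p "$1" "$1.original"
}

# import_ca <truststore> <alias> <pem-file> <expected-sha256-fingerprint>
# The expected fingerprint is colon-separated upper-case hex, as openssl prints it.
import_ca() {
    store=$1 name=$2 pem=$3 expected=$4
    pass=${STOREPASS:-changeit}   # assumption: JDK default password unless overridden
    actual=$(openssl x509 -in "$pem" -noout -fingerprint -sha256 | cut -d= -f2)
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing to import $pem: fingerprint '$actual' does not match" >&2
        return 1
    fi
    # keytool -list exits non-zero when the alias is absent
    if keytool -list -keystore "$store" -storepass "$pass" -alias "$name" >/dev/null 2>&1; then
        echo "alias $name already present in $store, nothing to do"
        return 0
    fi
    # keytool reads PEM directly, so the DER conversion is not needed here
    keytool -importcert -noprompt -alias "$name" \
        -keystore "$store" -storepass "$pass" -file "$pem"
}

# Usage (as a user allowed to write the truststore; fingerprint is a placeholder):
#   store=$(find_cacerts "$JAVA_HOME") && backup_cacerts "$store" &&
#   import_ca "$store" rds-root rds-ca-2019-root.pem "<SHA-256 FINGERPRINT FROM A TRUSTED SOURCE>"
```

Because -noprompt suppresses keytool's interactive "Trust this certificate?" question, the fingerprint comparison is the only check standing between the downloaded file and the JVM-wide trust anchors.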