Running the client with SSL/TLS

Basic SSL encryption on the client is enabled either by the URL attribute ssl, the property ssl or the datasource attribute ssl set to basic.

Example:

Connection c = 
   getConnection("jdbc:derby://myhost:1527/db;ssl=basic");

Running a client which authenticates the server

If the client wants to authenticate the server, then the client's trust store must contain the server's certificate. See Key and certificate handling.

Client SSL with server authentication is enabled by the URL attribute ssl or the property ssl set to peerAuthentication. In addition, the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set.

Example:

    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
    Connection c = 
       getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");

Running the client when the server does client authentication

If the server does client authentication, the client will need a key pair and a client certificate which is installed in the server's trust store, See Key and certificate handling.

The client needs to set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.

Example:

    System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
    System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
    Connection c = 
       getConnection("jdbc:derby://myhost:1527/db;ssl=basic");

Running the client when both parties do peer authentication

This is a combination of the two last variants.

Example:

    System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
    System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
    Connection c = 
       getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");