Command string for JDBC connection to MySQL with SSL

Question

I'm trying to connect a data modeling tool (DbSchema) to a MySQL database running in Google Cloud SQL. The cloud instance requires SSL. I've downloaded the necessary keys to my Mac and can connect through certain tools, like Sequel Pro and MySQL Workbench. However, these tools give me a way to enter the key locations into their connection windows. But, DbSchema does not - all it does is allow me to modify the connection string it uses to connect to the DB via JDBC.

What I have so far is:

jdbc:mysql://<MY IP ADDRESS>:3306?useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull&useOldAliasMetadataBehavior=true&useSSL=true&verifyServerCertificate=false

This ends up giving me a password error although the PW I've used is correct. I think the problem is that JDBC isn't using the SSL keys. Is there a way to specify the locations of the SSL keys in this connection string?

Answer 1

This MySQL JDBC (for SSL) link may help you. Please see Setting up Client Authentication:

Once you have the client private key and certificate files you want to use, you need to import them into a Java keystore so that they can be used by the Java SSL library and Connector/J. The following instructions explain how to create the keystore file:

1. Convert the client key and certificate files to a PKCS #12 archive:

   shell> openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem \
     -name "mysqlclient" -passout pass:mypassword -out client-keystore.p12
   

2. Import the client key and certificate into a Java keystore:

   shell> keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 \
    -srcstorepass mypassword -destkeystore keystore -deststoretype JKS -deststorepass mypassword
   

3. Set JDBC connection properties:

   clientCertificateKeyStoreUrl=file:path_to_truststore_file 
   clientCertificateKeyStorePassword=mypassword