These operations are described in .
SSL at the server side is activated with the property
derby.drda.sslMode (default off) or the
-ssl option for the server start command.
Starting the server with basic SSL encryption
When the SSL mode is set to basic, the server will
only accept SSL encrypted connections.
The properties javax.net.ssl.keyStore and
javax.net.ssl.keyStorePassword need to be set with
the proper values.
Example
java -Djavax.net.ssl.keyStore=serverKeyStore.key \
-Djavax.net.ssl.keyStorePassword=qwerty \
-jar derbyrun.jar server start -ssl basic
Starting a server which authenticates clients
When the server's SSL mode is set to peerAuthentication,
the server authenticates its clients' identity in addition to encrypting network
traffic. In this situation, the server's trust store must contain a
certificate for each client which will connect.
The javax.net.ssl.trustStore and
javax.net.ssl.trustStorePassword need to be set in addition to
the properties above.
See for client settings when the server
does client authentication.
Example
java -Djavax.net.ssl.keyStore=serverKeyStore.key \
-Djavax.net.ssl.keyStorePassword=qwerty \
-Djavax.net.ssl.trustStore=serverTrustStore.key \
-Djavax.net.ssl.trustStorePassword=qwerty \
-jar derbyrun.jar server start -ssl peerAuthentication