Running the client with SSL/TLS

Running the client with SSL/TLS Basic SSL encryption on the client is enabled either by the URL attribute ssl, the property ssl, or the datasource attribute ssl set to basic. Network ClientSSLNetwork ClientTLSSSLTLS Example Connection c = getConnection("jdbc:derby://myhost:1527/db;ssl=basic");

Running a client which authenticates the server

If the client wants to authenticate the server, then the client's trust store must contain the server's certificate. See .

Client SSL with server authentication is enabled by the URL attribute ssl or the property ssl set to peerAuthentication. In addition, the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set.

Example System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key"); System.setProperty("javax.net.ssl.trustStorePassword","qwerty"); Connection c = getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");

Running the client when the server does client authentication

If the server does client authentication, the client will need a key pair and a client certificate which is installed in the server's trust store. See .

The client needs to set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.

Example System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key"); System.setProperty("javax.net.ssl.keyStorePassword","qwerty"); Connection c = getConnection("jdbc:derby://myhost:1527/db;ssl=basic");

Running the client when both parties do peer authentication

This is a combination of the last two variants.

Example System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key"); System.setProperty("javax.net.ssl.keyStorePassword","qwerty"); System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key"); System.setProperty("javax.net.ssl.trustStorePassword","qwerty"); Connection c = getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");