JDBC + SSL = "No trusted certificate found"

From: Luke McCarthy (luke.mccarthy_at_shaw.ca)
Date: 06/24/04 

Date: Thu, 24 Jun 2004 11:31:20 -0600

Hi,

I'm trying to get JDBC to connect to a MySQL database using SSL. The MySQL
server has been propertly compiled and configured, and I can connect to it
with the regular client using SSL, but I can't get a simple test client
written in Java to work.

The error I'm getting is "No trusted certificate found", but I have
imported the CA cert I used to sign the MySQL server key into a truststore
and I'm using that truststore in my code. The relevant steps look like
this:

# CA cert created like so:
$ openssl req -new -x509 -keyout cakey.pem -out cacert.pem

# MySQL server certificate verified like so:
$ openssl verify -CAfile cacert.pem server-cert.pem
server-cert.pem: OK

# truststore created like so:
$ keytool -import -file cacert.pem -alias mysqlServerCACert -keystore
truststore

/* java code looks like this: */
System.setProperty("javax.net.debug", "all");
System.setProperty("javax.net.ssl.trustStore",
"/home/lukem/src/ssl/truststore");
System.setProperty("javax.net.ssl.trustStorePassword", "password");

During execution, the debug information shows that it's using the expected
truststore and that it's adding my certificate:

...
trustStore is: /home/lukem/src/ssl/truststore
...
adding as trusted cert:
Subject: CN=lewzealand, OU=bioinfo, O=Uni, L=Sask, ST=Sask, C=CA
...

But I still get the "No trusted certificate found" error. Any idea what
the problem might be? Thanks,

Luke

Relevant Pages

  • RE: MySQL/PHPMyAdmin on FC3 Connection Problem
    ... // You can disable a server config entry by setting host to ''. ... MySQL server ... MySQL control user settings ... table to describe the display fields ...
    (Fedora)
  • Re: KDE is now broken (Fwd: Heads-up: KDE4 hitting testing tonight (UTC) )
    ... don't want to run an akonadi server either, ... KDE 4.0 was available. ... kmail) and I do not have a mysql server installed. ...
    (Debian-User)
  • Re: Using Access for web application?
    ... Any suggestions as to which newsgroup would be more ... The server that the web app will use in this case, ... > which technology you will decide to use as the Web server (Linux or Windows) ... Instead MySQL is being ...
    (microsoft.public.access.dataaccess.pages)
  • [UNIX] phpMyAdmin PHP Code Injection (left.php)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... phpMyAdmin is "web-based MySQL ... does not prevent a malicious user from altering the servers configuration ... server configurations to the list of servers configuration by adding ...
    (Securiteam)
  • Re: KDE is now broken (Fwd: Heads-up: KDE4 hitting testing tonight (UTC) )
    ... don't want to run an akonadi server either, ... doesn't ask if I want to use a mysql server on another host. ... Not if the file format was public. ... There seems to be too much windoze thinking entering Debian: ...
    (Debian-User)