Connecting JDBC applications with SSL

You can configure database connections for the HCL OneDB™ JDBC Driver to use the Secure Sockets Layer (SSL) protocol.

Before you begin

The client must use the same public key certificate file as the server.

Procedure

  1. Create a truststore: Use the keytool utility that comes with your Java™ runtime environment to import a client-side keystore database and add the public key certificate to the keystore. 
    C:\work>keytool -importcert -file filename.extension -keystore .keystore
    Follow the prompts to enter a new keystore password and to trust the certificate.
  2. Define the truststore location: Configure an SSL connection to the database from your Java application by using the following options:

    Option 1: Use system properties

    Set the location and password of the truststore using Java system properties.
    Note: These settings apply to all the SSL connections made from this application.
    C:\work>java -D javax.net.ssl.trustStore=/opt/ids/.keystore -D javax.net.ssl.trustStorePassword=password -jar yourapplication.jar
    or set the location and password inside the java code using the System.setProperty API. 
    System.setProperty("javax.net.ssl.trustStore", "/opt/ids/.keystore"); System.setProperty("javax.net.ssl.trustStorePassword", "password");
    Option 2: Use a DataSource object

    Define "per connection" the truststore location and password using a DataSource object by using the setTrustStore and setTrustStorePassword methods on the IfxDataSource object.

    IfxDataSource cds = new IfxDataSource();
cds.setTrustStore("/opt/ids/.keystore");
cds.setTrustStorePassword("password");
//Add your additional connection details

    Option 3: Pass in through the connection URL

    If you do not use a DataSource object you can pass in the truststore and password via URL properties using SSL_TRUSTSTORE=/opt/ids/.keystore and SSL_TRUSTSTORE_PASSWORD=password

    Connection c = DriverManager.getConnection("jdbc:informix-sqli:localhost:9089/mydatabase: 
SSL_TRUSTSTORE=/opt/ids/.keystore;SSL_TRUSTSTORE_PASSWORD=password
  3. Declare the connection for SSL: This is set per connection and can be done through the DataSource or the URL.

    Option 1: Use a DataSource object

    IfxDataSource cds = new IfxDataSource();
cds.setIfxSSLConnection("true");
    Option 2: Pass in through the connection URL
    Connection c = DriverManager.getConnection("jdbc:informix-sqli:localhost:9089/mydatabase:
 SSLCONNECTION=true

JDBC sample for SSL connection

This sample Java program highlights the operations that are required to connect to the stores_demo database by using SSL.

import java.sql.Connection;
import java.sql.SQLException;

import com.informix.jdbc.IfxDriver;
import com.informix.jdbcx.IfxDataSource;

public class InformixSSLConnectionExample {
	public static void main(String[] args) {

		/* System properties for keystore */
		/* you can set this here for your whole system or you can set on */
		/* the data sourc (show below) or directly on your connection */
		/* properties using SSL_TRUSTSTORE and SSL_TRUSTSTORE_PASSWORD */
		System.setProperty("javax.net.ssl.trustStore", "/opt/ids/.keystore");
		System.setProperty("javax.net.ssl.trustStorePassword", "password");

		/* Instantiate Informix connection pooled data source */
		IfxDataSource cds = new IfxDataSource();

		/*
		 * Set SSLConnection property to true and port pointing to SSL port on the
		 * server
		 */
		cds.setUser("dbuser");
		cds.setPassword("password");
		cds.setDatabaseName("stores_demo");
		cds.setPortNumber(9888);

		/* Enable SSL */
		cds.setIfxSSLCONNECTION("true");

		/* Optional if you don't set a system property */
		/* You can set the trust store and password in the data source */
		cds.setTrustStore("/opt/ids/.keystore");
		cds.setTrustStorePassword("password");

		try (Connection conn = cds.getConnection()) {
			System.out.println(" Successfully connected to Informix database using SSL Connection");
			System.out.println(" Database version  ...: " + conn.getMetaData().getDatabaseProductVersion());
			System.out.println(" JDBC Driver Version .: " + IfxDriver.getJDBCVersion());
		} catch (SQLException e) {
			System.err.println("Error Message : " + e.getMessage());
			System.err.println("Error Code    : " + e.getErrorCode());
		} catch (Exception e) {
			System.err.println("Error Message : " + e.getMessage());
		}
	}
}