Derby Server and Administration Guide
java -Djavax.net.ssl.keyStore=serverKeyStore.key \
-Djavax.net.ssl.keyStorePassword=qwerty \
-jar derbyrun.jar server start -ssl basic
Starting a server which authenticates clients
When the server's SSL mode is set to peerAuthentication, then the server authenticates its clients' identity in addition to encrypting network traffic. In this situation, the server's trust store must contain a certificate for each client which will connect.
The javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set in addition to the properties above.
See for client settings when the server does client authentication.
Example
java -Djavax.net.ssl.keyStore=serverKeyStore.key \
-Djavax.net.ssl.keyStorePassword=qwerty \
-Djavax.net.ssl.trustStore=serverTrustStore.key \
-Djavax.net.ssl.trustStorePassword=qwerty \
-jar derbyrun.jar server start -ssl peerAuthentication
Running the client with SSL/TLS
Basic SSL encryption on the client is enabled either by the URL attribute ssl, the property ssl or the datasource attribute ssl set to basic.
Example
Connection c =
    DriverManager.getConnection("jdbc:derby://myhost:1527/db;ssl=basic");
Running a client which authenticates the server
If the client wants to authenticate the server, then the client's trust store must contain the server's certificate. See
Client SSL with server authentication is enabled by the URL attribute ssl or the property ssl set to peerAuthentication. In addition, the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set.
Example
System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
Connection c =
    DriverManager.getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");
Running the client when the server does client authentication
If the server does client authentication, the client will need a key pair and a client certificate which is installed in the server's trust store. See .
The client needs to set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.
Example
System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
Connection c =
    DriverManager.getConnection("jdbc:derby://myhost:1527/db;ssl=basic");
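The two client cases above can be combined so that the client authenticates the server and also presents its own certificate. The following is an added example, not code from the Derby guide: it checks both stores before connecting and reads the passwords from the environment instead of hardcoding them. The class name and the environment variable names DERBY_KEYSTORE_PASSWORD and DERBY_TRUSTSTORE_PASSWORD are assumptions; the store file names and URL are the ones used in the examples above.

```java
import java.io.File;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Collections;

public class DerbyMutualTlsClient {

    // Load the store up front so a wrong path or password fails here,
    // not as an opaque handshake error during connect.
    static KeyStore load(String path, char[] password) throws Exception {
        return KeyStore.getInstance(new File(path), password); // Java 9+
    }

    static String requireEnv(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return v;
    }

    public static void main(String[] args) throws Exception {
        // Assumed variable names; passwords stay out of source code and argv.
        String keyPw = requireEnv("DERBY_KEYSTORE_PASSWORD");
        String trustPw = requireEnv("DERBY_TRUSTSTORE_PASSWORD");

        KeyStore keys = load("clientKeyStore.key", keyPw.toCharArray());
        KeyStore trust = load("clientTrustStore.key", trustPw.toCharArray());

        // The key store must hold the client's private key; the trust store
        // must hold the server's certificate.
        boolean hasKey = false;
        for (String a : Collections.list(keys.aliases())) hasKey |= keys.isKeyEntry(a);
        boolean hasCert = false;
        for (String a : Collections.list(trust.aliases())) hasCert |= trust.isCertificateEntry(a);
        if (!hasKey || !hasCert) {
            throw new IllegalStateException("key store needs a key entry, trust store a certificate entry");
        }

        // Set before the first TLS connection is opened in this JVM.
        System.setProperty("javax.net.ssl.keyStore", "clientKeyStore.key");
        System.setProperty("javax.net.ssl.keyStorePassword", keyPw);
        System.setProperty("javax.net.ssl.trustStore", "clientTrustStore.key");
        System.setProperty("javax.net.ssl.trustStorePassword", trustPw);

        try (Connection c = DriverManager.getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication")) {
            System.out.println("connected: " + c.getMetaData().getURL());
        }
    }
}
```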