In c-treeACE V11.2 and later, c-treeACE SQL JDBC supports TLS connections per the JDBC standard. Enable TLS in a JDBC connection URL using the ssl=value parameter string.
TLS connections are enabled in the JDBC connection URL using the new format (it is not supported on the old URL format) and a new parameter ssl.
The new URL format is:
jdbc:ctree://<host>[:portnumber]/<dbname>[?param=value[¶m=value]...]
The valid param values are:
basic
peerAuthentication
For backward compatibility, the older format ("jdbc:ctree:6597@localhost:ctreeSQL", "ADMIN", "ADMIN") is still supported but should be considered deprecated.
Basic TLS with JDBC clients
Basic SSL encryption on the client is enabled by the URL parameter ssl, for example:
Connection c = getConnection("jdbc:ctree://localhost:6597/ctreeSQL?ssl=basic");
Peer Authenticated TLS with JDBC clients
If the client wants to authenticate the server, then the client's trust store must contain the server's certificate.
Client SSL with server authentication is enabled by the URL parameter ssl set to peerAuthentication.
In addition, the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set.
Example:
System.setProperty("javax.net.ssl.trustStore","TrustStore.key");
System.setProperty("javax.net.ssl.trustStorePassword","mypassword""");
Connection c = getConnection("jdbc:ctree://localhost:6597/ctreeSQL?ssl=peerAuthentication");
If the ctsrvr.pem certificate is available, it can be added to a truststore using the following command (which is part of the Java distribution) for the above example using password =: mypassword:
keytool -importcert -file ctsrvr.pem -keystore truststore.key