Product Documentation

V11.5 Update Guide

JDBC Support for TLS

In c-treeACE V11.2 and later, c-treeACE SQL JDBC supports TLS connections per the JDBC standard. Enable TLS in a JDBC connection URL using the ssl=value parameter string.

TLS is available only with the new URL format, through the new ssl parameter. The old URL format does not support it.

The new URL format is:

jdbc:ctree://<host>[:portnumber]/<dbname>[?param=value[&param=value]...]

The valid parameters are:

  • characterEncoding - Set to a valid Java encoding name (e.g., US-ASCII, ISO-8859-1, UTF-8, etc.).
  • password
  • user
  • ssl - The valid values for ssl are:
    • basic
    • peerAuthentication

For backward compatibility, the older format ("jdbc:ctree:6597@localhost:ctreeSQL", "ADMIN", "ADMIN") is still supported but should be considered deprecated.

Basic TLS with JDBC clients

Basic SSL encryption on the client is enabled by the URL parameter ssl, for example:

Connection c = DriverManager.getConnection("jdbc:ctree://localhost:6597/ctreeSQL?ssl=basic");

Peer Authenticated TLS with JDBC clients

If the client wants to authenticate the server, then the client's trust store must contain the server's certificate.

Client SSL with server authentication is enabled by the URL parameter ssl set to peerAuthentication.

In addition, the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set.

Example:

System.setProperty("javax.net.ssl.trustStore", "TrustStore.key");

System.setProperty("javax.net.ssl.trustStorePassword", "mypassword");

Connection c = DriverManager.getConnection("jdbc:ctree://localhost:6597/ctreeSQL?ssl=peerAuthentication");

If the ctsrvr.pem certificate is available, it can be added to the trust store for the above example with the following command (keytool is part of the Java distribution), using mypassword as the keystore password:

keytool -importcert -file ctsrvr.pem -keystore TrustStore.key
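
A preflight check for the peer-authenticated setup above, as an added example that is not part of the original documentation or the vendor's code: it confirms that the trust store actually contains the ctsrvr.pem certificate before setting the system properties and connecting. The class name PeerAuthPreflight and the method findServerCert are hypothetical; the file names, password and URL are the sample values from this page, and the code assumes the driver is on the classpath and uses the JVM's default trust store settings.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.sql.Connection;
import java.sql.DriverManager;

// Added example, not vendor code. File names, password and URL are the
// sample values used on this page; the class and method names are hypothetical.
public class PeerAuthPreflight {

    // Returns the alias under which the server certificate is stored in the
    // trust store, or null if the trust store does not contain it.
    static String findServerCert(String trustStorePath, char[] password,
                                 String serverPemPath) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ks.load(in, password); // throws IOException on a wrong password
        }
        Certificate serverCert;
        try (InputStream in = new FileInputStream(serverPemPath)) {
            serverCert = CertificateFactory.getInstance("X.509")
                                           .generateCertificate(in);
        }
        return ks.getCertificateAlias(serverCert);
    }

    public static void main(String[] args) throws Exception {
        String trustStore = "TrustStore.key";
        String password = "mypassword";

        String alias = findServerCert(trustStore, password.toCharArray(), "ctsrvr.pem");
        if (alias == null) {
            throw new IllegalStateException(
                "ctsrvr.pem is not in " + trustStore + "; import it with keytool first");
        }

        // Set these before the first TLS connection is opened in this JVM.
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", password);

        try (Connection c = DriverManager.getConnection(
                "jdbc:ctree://localhost:6597/ctreeSQL?ssl=peerAuthentication")) {
            System.out.println("Connected; server certificate trusted via alias " + alias);
        }
    }
}
```

Failing before the connection attempt separates a trust store problem (wrong file, wrong password, certificate never imported) from a server-side or network TLS failure.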
