I was able to break down the rds-combined-ca-bundle.pem cert file and import each one into the keystore separately. Then I added the -Djavax.net.ssl.trustStore=path_to_truststore_file and -Djavax.net.ssl.trustStorePassword=password into the jvm options. It worked on one application using the jndi configuration such as below:
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/contextname" unpackWAR="true" useNaming="true" swallowOutput="false">
<Resource removeAbandoned="true"
removeAbandonedTimeout="60"
name="jdbc/data" auth="Container"
type="javax.sql.DataSource"
maxActive="200"
maxIdle="60"
maxWait="20000"
username="rootuserssl"
password="rootusersslpassword"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://myinstance.123456789012.us-east-1.rds.amazonaws.com:3306/dbname?autoReconnect=true&verifyServerCertificate=true&requireSSL=true&useSSL=true"/>
</Context>However, on one application using HikariCp, it generates an error javax.net.ssl.SSLException: Unsupported record version Unknown-0.0. Below is the configuration.
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/contextnametwo" unpackWAR="true" useNaming="true" swallowOutput="false">
<Resource name="jdbc/data" auth="Container"
driverClassName="com.mysql.jdbc.Driver"
jdbcUrl="jdbc:mysql://myinstance.123456789012.us-east-1.rds.amazonaws.com:3306/dbname?verifyServerCertificate=true&useSSL=true&requireSSL=true"
factory="com.zaxxer.hikari.HikariJNDIFactory"
type="javax.sql.DataSource"
maximumPoolSize="50"
connectionTestQuery="SELECT 1"
idleTimeout="300000"
maxLifetime="600000"
dataSource.implicitCachingEnabled="true"
dataSource.cachePrepStmts="true"
dataSource.prepStmtCacheSize="250"
dataSource.prepStmtCacheSqlLimit="2048"
dataSource.useServerPrepStmts="true"
catalog="dbname"
username="rootuserssl"
password="rootusersslpassword"
/>
</Context>What am I doing wrong on the application that uses HikariCp?
