1

I am trying to connect to a CloudSQL instance using the certificates provided by google namely "client-cert.pem", "client-key.pem" and "server-ca.pem".

Can someone suggest what to keep in keystore and what in truststore for SSL connection using jdbc.

The client I am using is teiid.

P.S. - I tried importing client-cert.pem into keystore by converting it into p12 file, also imported it in cacerts of jdk, but nothing is working in my case. For truststore I imported server-ca.pem into a seperate keystore.

Manoj Majumdar
  • 505
  • 1
  • 4
  • 23

2 Answers2

0

Adding a IP addresses to authorized network list of your Cloud SQL instance, using SSL certificates:

https://cloud.google.com/sql/docs/mysql/configure-ssl-instance

https://cloud.google.com/sql/docs/mysql/admin-tools

https://cloud.google.com/sql/docs/mysql/connect-admin-ip#connect-ssl

https://cloud.google.com/sql/docs/mysql/configure-ssl-instance

https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html

guillermo rojas
  • 155
  • 3
0

If your only goal is to connect via SSL, I suggest you take a look at the Cloud SQL JDBC SocketFactory. This SocketFactory provides SSL connections to a Cloud SQL instance, authenticated with IAM credentials.

If you want to manually specify certificates you've created directly to the JDBC driver, you can follow these instructions here to configure the system properties to do so. .

kurtisvg
  • 3,412
  • 1
  • 8
  • 24
  • Thanks for the info, currently I am using cloudsql proxy to achieve the same. Will look into JDBC Socket factory too.. – Manoj Majumdar Jun 06 '19 at 10:57
  • If you are using the Cloud SQL proxy, you'll be unable to use a client/server certificate combo. This is because the proxy only supports SSL between itself and the instance, not between the application and the proxy itself. – kurtisvg Jun 06 '19 at 16:14