
I have a Teiid embedded server and I am trying to connect to a vds on that server through 2-way SSL from my remote client by passing the Teiid SSL properties in SystemProperties as per the Teiid documentation at: http://teiid.github.io/teiid-documents/12.3.x/content/client-dev/SSL_Client_Connections.html

The connection is successful even without the truststore, which is a mandatory property.

Code snippet to replicate this issue:

  import java.sql.Connection;
  import java.sql.DriverManager;
  import java.util.Properties;
  import org.teiid.jdbc.TeiidDriver;

  Properties properties = new Properties();
  properties.put("user", "admin");
  properties.put("password", "admin");

  // Only the keystore properties are set; no org.teiid.ssl.trustStore is given.
  System.setProperty("org.teiid.ssl.keyStore", "C:/truststore.p12");
  System.setProperty("org.teiid.ssl.keyStorePassword", "testssl");
  System.setProperty("org.teiid.ssl.trustAll", "false");

  DriverManager.registerDriver(new TeiidDriver());
  Connection connection = DriverManager.getConnection("jdbc:teiid:testvds@mms://localhost:32750", properties);
  // isValid takes its timeout in seconds.
  if (connection.isValid(1000))
  {
    System.out.println("Connection success");
  }

In this case it should have failed. Can you please let me know if this is an issue or if I am missing something on my end?

Thanks, Megha

M S
  • It should have failed why? Does your server have a self-signed certificate? If it has a CA-signed certificate you don't need a custom truststore. You seem to be conflating keystores and truststores here. They aren't the same thing. – user207421 Jan 04 '21 at 05:43

1 Answer


Can you elaborate on the server-side settings? As the other user is getting at, if the server key is already trusted by the default Java trust store you don't need additional client settings.

Steven Hawkins
  • I am using a self-signed certificate for testing. Looks like while trying out something I may have unintentionally added the server key to Java's default trust store, due to which I was seeing the connection successful. I created another self-signed certificate and added it only to my custom truststore. I am able to see the error as expected in case the truststore is not given. Thanks for your help. – M S Jan 11 '21 at 05:07
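
The cause found in this thread (a server certificate already trusted by the JVM's default trust store) can be checked directly. The following is an added example, not code from the original posts or from Teiid; the class name `DefaultTrustCheck` and the certificate file passed as the argument (the server certificate exported to PEM or DER) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: reports whether the JVM default trust store already trusts a certificate.
public class DefaultTrustCheck {

    static boolean trustedByDefault(X509Certificate cert) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the JVM default: javax.net.ssl.trustStore if set, else cacerts.
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate anchor : ((X509TrustManager) tm).getAcceptedIssuers()) {
                // Case 1: the (self-signed) certificate itself was imported as a trust anchor.
                if (anchor.equals(cert)) return true;
                // Case 2: the certificate was issued directly by a default trust anchor.
                // Chains that go through intermediate CAs are not followed here.
                if (anchor.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                    try {
                        cert.verify(anchor.getPublicKey());
                        return true;
                    } catch (GeneralSecurityException e) {
                        // Same issuer name but different key: keep looking.
                    }
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java DefaultTrustCheck <server-cert.pem|.der>");
            return;
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println(cert.getSubjectX500Principal() + ": "
            + (trustedByDefault(cert) ? "trusted by the JVM default trust store"
                                      : "not trusted by default, a custom truststore is required"));
    }
}
```

Run it with the same JVM the client uses, since each Java installation carries its own default trust store.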