Enabling TLS in the JDBC Driver

This page provides guidelines for enabling TLS in NuoDB’s JDBC driver.

For the JDBC driver to use TLS, the domain first needs to be set up for TLS. For more information, see Configuring NuoDB Admin TLS Encryption.

It is necessary to provide the trustStore and trustStorePassword properties to the JDBC connection.

By default, the JDBC driver is set up to match the DN name in the trust-store certificate against the hostname. To disable hostname verification, add the verifyHostname=false connection property.

NuoDB’s JDBC driver only supports JKS truststores. PKCS12, PEM or other formats are not supported.

For more information, see Connection Properties.

Using a DataSource

public static final String DATABASE_URL = "jdbc:com.nuodb://localhost/test";

com.nuodb.jdbc.DataSource dataSource = new com.nuodb.jdbc.DataSource();
dataSource.setUrl(DATABASE_URL + "?trustStore=nuoadmin-truststore.jks&trustStorePassword=changeIt");

dbConnection = dataSource.getConnection();

Using a DriveManager

The DriverManager supports using a connection Properties instance but is in general not preferred due to its inability to provide connection pooling.

public static final String DATABASE_URL = "jdbc:com.nuodb://localhost/";

Properties properties = new Properties();
properties.put("user", user);
properties.put("password", password);
properties.put("schema", "Hockey");
properties.put("trustStore", "<NUODB_HOME>/var/etc/nuoadmin-truststore.jks");
properties.put("trustStorePassword", "changeIt");

dbConnection = DriverManager.getConnection(DATABASE_URL + dbName, properties);