Help Center/ CloudTable Service/ Developer Guide/ Doris Application Development Guide/ Using JDBC to Connect to Doris Clusters/ Using JDBC to Connect to Doris in SSL Mode (Certificate Verification Needed)
Updated on 2025-07-25 GMT+08:00
View PDF
Share

Using JDBC to Connect to Doris in SSL Mode (Certificate Verification Needed)

When code retry and load balancing are performed at the application layer, multiple Doris FE node addresses need to be configured for an application. If a connection exits abnormally, the system automatically retries on another connection.

The HTTPS must be enabled for the cluster in advance.

Download the certificate on the cluster details page.

  1. Run the following command on the ECS where the MySQL client has been installed to import the server certificate:
    • your_certificate_path: path for storing the custom certificate
    • your_truststore_name: user-defined truststore name
    • your_truststore_password: user-defined truststore password
    keytool -importcert -alias MySQLCACert -file your_certificate_path -keystore your_truststore_name -storepass your_truststore_password
  2. Enter yes when prompted, as shown in the following figure.
    Figure 1 Running the command
  3. Execute the following sample code.
    your_truststore_path indicates the truststore file path and your_truststore_password indicates the truststore password set in the command. 
    public class Main {
  private static String URL = "jdbc:mysql:loadbalance://" +
          "[FE1_host]:[FE1_port],[FE2_host]:[FE2_port],[FE3_host]:[FE3_port]/[your_database]?" +
          "loadBalanceConnectionGroup=first&ha.enableJMX=true";
  static Connection getNewConnection() throws SQLException, ClassNotFoundException {
      Class.forName("com.mysql.cj.jdbc.Driver");
      // There will be security risks if the password used for authentication is directly written into code. Encrypt the password in the configuration file or environment variables for storage;
      // In this example, the password is stored in environment variables for identity authentication. Before running the code in this example, configure environment variables first.
      String storePassword = System.getenv("STORE_PASSWORD");
      String userPassword = System.getenv("USER_PASSWORD");
      System.setProperty("javax.net.ssl.trustStore","your_truststore_path");
      System.setProperty("javax.net.ssl.trustStorePassword",storePassword);
      String user = "your_username";
      Properties props = new Properties();
      props.setProperty("user", user);
      props.setProperty("password", userPassword);
      props.setProperty("useSSL", "true");
      props.setProperty("requireSSL", "true");
      props.setProperty("verifyServerCertificate", "true");
      props.setProperty("sslMode", "VERIFY_CA");
      return DriverManager.getConnection(URL, props);
  }
  public static void main(String[] args) throws Exception {
      Connection c = getNewConnection();
      try {
          System.out.println("begin print");
          String query = "your sqlString";
          c.setAutoCommit(false);
          Statement s = c.createStatement();
          ResultSet resultSet = s.executeQuery(query);
          while(resultSet.next()) {
              int id = resultSet.getInt(1);
              System.out.println("id is: "+id);
          }
          System.out.println("end print");
          Thread.sleep(Math.round(100 * Math.random()));
          c.close();
      } catch (Exception e) {
          e.printStackTrace();
      }
  }
}