Connecting to a Database in SSL Mode
When establishing connections to the GaussDB server using JDBC, you can enable SSL connections to encrypt client and server communications for security of sensitive data transmission on the Internet. In this section, the DriverManager.getConnection(String url, Properties info) API is used to connect to the database.
Using a Certificate for Authentication
Before performing the steps below, log in to the GaussDB management console. On the Instances page, click the instance name to go to the Basic Information page. On the displayed page, click under SSL to download the root certificate or certificate bundle, and save the ca.pem root certificate to the client.
To configure certificates on the client to connect to a database, perform the following steps:
- Import java.sql.Connection, java.sql.DriverManager, and java.util.Properties.
Additionally, import other APIs and classes as needed based on your application requirements. For details, see JDBC Interface Reference.
import java.sql.Connection; import java.sql.DriverManager; import java.util.Properties;
- Specify the database sourceURL (change $ip, $port, and database in the URL as required), username, and password.
Storing usernames and passwords directly in code poses significant security risks. Instead, use environment variables to securely manage credentials.
String sourceURL = "jdbc:gaussdb://$ip:$port/database"; Properties urlProps = new Properties(); urlProps.setProperty("user", System.getenv("EXAMPLE_USERNAME_ENV")); urlProps.setProperty("password", System.getenv("EXAMPLE_PASSWORD_ENV"));
- Set the SSL attribute to true and configure the ca.pem root certificate on the client.
urlProps.setProperty("ssl", "true"); urlProps.setProperty("sslrootcert", "ca.pem");;
- Configure sslmode.
Set sslmode to require, verify-ca, or verify-full. For details about these values, see sslmode. Choose the appropriate option based on your requirements.
/* Set sslmode to require. */ urlProps.setProperty("sslmode", "require"); /* Set sslmode to verify-ca. */ urlProps.setProperty("sslmode", "verify-ca"); /* Set sslmode to verify-full (verification in Linux). */ urlProps.setProperty("sslmode", "verify-full");
- Load the driver.
- Add the gaussdbjdbc.jar package to the runtime environment (for example, the IDE).
- Load the database driver com.huawei.gaussdb.jdbc.Driver.
Class.forName("com.huawei.gaussdb.jdbc.Driver");
- Create a database connection.
Call DriverManager.getConnection(String url, Properties info) to connect to the database.
Connection conn = DriverManager.getConnection(sourceURL,urlProps);
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot