I'm trying to get my Grails 6.2.0 application to connect to an AWS RDS MySQL database using SSL.
I generated a trust store file, rds-truststore.jks, which has the certificates for AWS RDS instances of all regions by following
this documentation.
I'm using the com.mysql:mysql-connector-j:8.3.0 library, and I know that I need to set the following environment variables in order for the application to connect to the database using SSL:
dataSource.properties.dbProperties.sslMode to VERIFY_IDENTITY.javax.net.ssl.trustStore to the path to the trust store file.javax.net.ssl.trustStorePassword to the correct password for the trust store file.Is there a conventional spot to put this .jks file in a Grails application?
And my follow up question is what should I set the javax.net.ssl.trustStore environment variable to so that it correctly points to rds-truststore.jks, both when the application is deployed on a Tomcat server as a .war file and when the application is running locally with the bootRun Gradle task?
Thanks to the suggestion of Gianluca Sartori in the Grails community Slack server, I ended up putting the file at project_root/src/main/resources/rds-truststore.jks.
This results in it being located at WEB-INF/classes/rds-truststore.jks in the .war build file.
When the application is deployed on a Tomcat server as a .war file, the javax.net.ssl.trustStore environment variable should be set to classpath:rds-truststore.jks.
When the application is running locally with the bootRun Gradle task,
the javax.net.ssl.trustStore environment variable should be set to ./src/main/resources/rds-truststore.jks.