I'm trying to get my Grails 6.2.0 application to connect to an AWS RDS MySQL database using SSL.
I generated a trust store file, rds-truststore.jks, which has the certificates for AWS RDS instances of all regions by following this documentation.
I'm using the com.mysql:mysql-connector-j:8.3.0 library, and I know that I need to set the following environment variables in order for the application to connect to the database using SSL:
- dataSource.properties.dbProperties.sslMode to VERIFY_IDENTITY.
- javax.net.ssl.trustStore to the path to the trust store file.
- javax.net.ssl.trustStorePassword to the correct password for the trust store file.

Is there a conventional spot to put this .jks file in a Grails application?
And my follow-up question is what should I set the javax.net.ssl.trustStore environment variable to so that it correctly points to rds-truststore.jks, both when the application is deployed on a Tomcat server as a .war file and when the application is running locally with the bootRun Gradle task?
Thanks to the suggestion of Gianluca Sartori in the Grails community Slack server, I ended up putting the file at project_root/src/main/resources/rds-truststore.jks.
This results in it being located at WEB-INF/classes/rds-truststore.jks in the .war build file.
When the application is deployed on a Tomcat server as a .war file, the javax.net.ssl.trustStore environment variable should be set to classpath:rds-truststore.jks.
When the application is running locally with the bootRun Gradle task, the javax.net.ssl.trustStore environment variable should be set to ./src/main/resources/rds-truststore.jks.
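Added example, not part of the original post or of Grails: a small stand-alone check that the configured trust store location actually resolves and loads with the given password, for both locations mentioned above. The class name TrustStoreCheck, reading the two values as JVM system properties, and resolving a classpath: prefix through the class loader are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added example (hypothetical class): verifies a trust store location before the app relies on it.
public class TrustStoreCheck {
    static final String CLASSPATH_PREFIX = "classpath:";

    // Opens a "classpath:" location via the class loader (assumption), else a filesystem path.
    static InputStream open(String location) throws Exception {
        if (location.startsWith(CLASSPATH_PREFIX)) {
            String name = location.substring(CLASSPATH_PREFIX.length());
            InputStream in = TrustStoreCheck.class.getClassLoader().getResourceAsStream(name);
            if (in == null) throw new FileNotFoundException("not on classpath: " + name);
            return in;
        }
        return new FileInputStream(location);
    }

    // Loads the store and returns how many trusted-certificate entries it holds.
    static int countTrustedCerts(String location, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = open(location)) {
            ks.load(in, password); // IOException on a wrong password or a corrupt file
        }
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        String location = System.getProperty("javax.net.ssl.trustStore");
        String password = System.getProperty("javax.net.ssl.trustStorePassword");
        if (location == null || password == null) {
            System.err.println("javax.net.ssl.trustStore / trustStorePassword not set");
            System.exit(2);
        }
        int n = countTrustedCerts(location, password.toCharArray());
        if (n == 0) {
            System.err.println(location + " loaded but holds no trusted certificates");
            System.exit(1);
        }
        System.out.println(location + ": " + n + " trusted certificate entries");
    }
}
```

Run it with the same trust store location and password the application will use, once from the project root and once with src/main/resources (or WEB-INF/classes) on the classpath, to confirm each environment can load the file.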