I'm trying to connect to Oracle RDS from a Spring Boot application. I want to connect to the DB over TCPS. When trying, I'm getting the below error:
Failed to create/setup connection: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I've placed the keystore.jks file in the resources folder of the application. JDK version-17, ojdbc8 version-21.9.0.0.
Options I've tried in my application.yml:
spring:
  datasource:
    url: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<host_name>)(PORT=2484))(CONNECT_DATA=(SID=<db_name>)))
    username: <user_name>
    password: <password>
    driver-class-name: oracle.jdbc.OracleDriver
    connection-properties: |
      javax.net.ssl.keyStoreType=JKS;
      javax.net.ssl.keyStore=classpath:keystore.jks;
      javax.net.ssl.keyStorePassword=<keystore-password>;
      javax.net.ssl.trustStoreType=JKS;
      javax.net.ssl.trustStore=classpath:keystore.jks;
      javax.net.ssl.trustStorePassword=<keystore-password>
  jpa:
    properties:
      hibernate:
        dialect: org.hibernate.dialect.OracleDialect

spring:
  datasource:
    url: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<host_name>)(PORT=2484))(CONNECT_DATA=(SID=<db_name>)))
    username: <user_name>
    password: <password>
    driver-class-name: oracle.jdbc.OracleDriver
    hikari:
      data-source-properties: |
        oracle.net.ssl_server_dn_match=true;
        oracle.net.ssl_version=1.2;
        javax.net.ssl.trustStoreType=JKS;
        javax.net.ssl.trustStore=classpath:keystore.jks;
        javax.net.ssl.trustStorePassword=<keystore-password>
  jpa:
    properties:
      hibernate:
        dialect: org.hibernate.dialect.OracleDialect

spring:
  datasource:
    url: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<host_name>)(PORT=2484))(CONNECT_DATA=(SID=<db_name>)))
    username: <user_name>
    password: <password>
    driver-class-name: oracle.jdbc.OracleDriver
  ssl:
    bundle:
      jks:
        server:
          key:
            alias: "server"
          keystore:
            location: "classpath:keystore.jks"
            password: <keystore-password>
            type: JKS
  jpa:
    properties:
      hibernate:
        dialect: org.hibernate.dialect.OracleDialect

sudo keytool -importcert -alias rds-root -file /bundle.pem -keystore "jdk-17/lib/security/cacerts" -storepass <password>
Can anyone help me with the correct approach on how to configure the TCPS connection to Oracle DB from a Spring Boot application on JDK 17?
It seems there are some limitations for ojdbc8 when used with JDK 17. It was not able to connect to Oracle RDS on port 2484. Had to upgrade from ojdbc8 to ojdbc11.
Refer: JDBC Developer's Guide
Note: ojdbc8.jar support with JDK 11, JDK 17, and JDK 19 is limited only to the JDBC 4.2 APIs because ojdbc8.jar does not support JDBC 4.3 APIs.
With ojdbc11, using the below properties should allow connecting to Oracle DB over TCPS, i.e. on port 2484.
spring:
  datasource:
    url: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<host_name>)(PORT=2484))(CONNECT_DATA=(SID=<db_name>)))
    username: <user_name>
    password: <password>
    driver-class-name: oracle.jdbc.OracleDriver
    hikari:
      data-source-properties:
        javax.net.ssl.trustStoreType=JKS
        javax.net.ssl.trustStore=/path/to/keystore.jks
        javax.net.ssl.trustStorePassword=<keystore-password>
  jpa:
    properties:
      hibernate:
        dialect: org.hibernate.dialect.OracleDialect
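
A stand-alone check of the trust store outside Spring and ojdbc, added here as an example and not part of the original posts: it loads the JKS file from a filesystem path the way JSSE does, lists its trusted-certificate entries, and attempts a TLS handshake with the listener while trusting only that store. The class name `TrustStoreCheck` is hypothetical, and the code assumes the TCPS listener starts TLS immediately on connect.

```java
import javax.net.ssl.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
// Added diagnostic; TrustStoreCheck is a hypothetical name, not part of Spring or ojdbc.
public class TrustStoreCheck {
    // JSSE opens javax.net.ssl.trustStore as a file; "classpath:" is a Spring resource prefix.
    static KeyStore load(String path, char[] password) throws Exception {
        if (path.startsWith("classpath:"))
            throw new IllegalArgumentException("trustStore must be a filesystem path: " + path);
        KeyStore ks = KeyStore.getInstance("JKS");
        try (var in = Files.newInputStream(Path.of(path))) { ks.load(in, password); }
        return ks;
    }

    // Prints and counts the trusted-certificate entries (what keytool -importcert creates).
    static int trustedEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue;
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            System.out.printf("%s | %s | expires %s%n", alias, c.getSubjectX500Principal(), c.getNotAfter());
            n++;
        }
        return n;
    }

    // Handshake trusting only this store; a missing CA surfaces as the same PKIX error.
    static void handshake(KeyStore ks, String host, int port) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the certificate matches the host name
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("Handshake OK: " + s.getSession().getProtocol());
        }
    }
    // Usage: java TrustStoreCheck.java /path/to/keystore.jks <keystore-password> <host_name> 2484
    public static void main(String[] args) throws Exception {
        KeyStore ks = load(args[0], args[1].toCharArray());
        if (trustedEntries(ks) == 0) System.out.println("WARNING: no trustedCertEntry found");
        handshake(ks, args[2], Integer.parseInt(args[3]));
    }
}
```

If the listing shows a single entry after importing a multi-certificate PEM bundle, note that `keytool -importcert` reads only the first certificate from the file.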