keytool -importcert -alias Cacert -file ca.pem -keystore trust-store-mysql -storepass password1
linux环境下
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -name "mysql-client" -passout pass:password2 -out client-keystore.p12
keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 -srcstorepass password2 -destkeystore key-store-mysql -deststoretype JKS -deststorepass passowrd3
拷贝key-store-mysql、trust-store-mysql到resource目录下,配置application.yml
mysql-ssl: true&verifyServerCertificate=true&requireSSL=true&clientCertificateKeyStoreUrl=classpath:key-store-mysql&clientCertificateKeyStorePassword=password3trustCertificateKeyStoreUrl=classpath:trust-store-mysql&trustCertificateKeyStorePassword=password1
spring:
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
username: db-username
password: db-password
url: jdbc:mysql://database-ip:3305/demo?serverTimezone=Asia/Shanghai&useUnicode=true&characterEncoding=utf-8&useSSL=${mysql-ssl}
