To connect using a server certificate
1. Use the keytool program to add the certificate to a keystore. Do one of the following:
a. At a command prompt, use the following command to add the certificate to your default keystore:
${JAVA_HOME}/bin/keytool -import -alias <alias> -file <certificate_file
name>
Where <alias> is a unique name used to access the certificate and <certificate_filename>
is the full path to the certificate file that you downloaded.The alias can be any string value you
want to use to identify the key in the keystore.
Note
If a keystore doesn't already exist, you may be prompted to enter and re-enter a
password that will be used for working with the keystore. Make a note of this password
for later use.
b. At a command prompt, use the following command to add the certificate to a specific keystore.
${JAVA_HOME}/bin/keytool -import -keystore <keystore_name> -alias <alias>
-file <certificate_filename>
Where <keystore_name> is the keystore that your client application uses.
2. Specify the following properties in your connection string.
property name: ssl
property value: true
For example, in SQL Workbench/J, you can specify the connection string as follows:
jdbc:postgresql://CLUSTERNFO.redshift.amazonaws.com:PORT/DBNAME?ssl=true
Where:
• CLUSTERINFO is the specific connectivity information for your cluster, e.g.,
examplecluster.copoarqsqlsn.us-east-1.
• PORT is the port you specified when you created the cluster, e.g., 5439.
• DBNAME is the name of the database you specified when you created the cluster, e.g., mydb.
In Java code you can specify the connection string as follows:
Connection conn = null;
Properties props = new Properties();
props.setProperty("ssl", "true");
conn = DriverManager.getConnection(<jdbc-connection-string>, props);
For a full Java example using SSL, see Connecting to a Cluster by Using Java (p. 107).
API Version 2012-12-01
106
Amazon Redshift Management Guide
Connect Using the Server Certificate in Java
To Next Page
Loading...