[h2] Connect to h2 server using SSL

Wed, 23 Oct 2019 05:53:22 -0700 

When connecting to h2 server using the ssl url: 
jdbc:h2:ssl:localhost/mydatabase 

I get the below excpetion:

Exception in thread "main" org.h2.jdbc.
JdbcSQLNonTransientConnectionException: Connection is broken: 
"javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target: localhost" [90067-199]
    at org.h2.message.DbException.getJdbcSQLException(DbException.java:617)
    at org.h2.message.DbException.getJdbcSQLException(DbException.java:427)
    at org.h2.message.DbException.get(DbException.java:194)
    at org.h2.engine.SessionRemote.connectServer(SessionRemote.java:435)
    at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.
java:317)
    at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:169)
    at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:148)
    at org.h2.Driver.connect(Driver.java:69)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:247)
    at org.h2.tools.RunScript.process(RunScript.java:327)
    at org.h2.tools.RunScript.runTool(RunScript.java:143)
    at org.h2.tools.RunScript.main(RunScript.java:70)

The error message is like the one I found at: 
http://h2-database.66688.n3.nabble.com/H2-TCP-server-and-SSL-how-to-use-it-td4032294.html

After some experiments, I figured out that adding 
-Djavax.net.ssl.trustStore=$HOME/.h2.keystore
to the commandline of the client resolves the issue.

My questions here is: 

   - In order to have zero config on clöientside for using anonymous tls, 
   would it make sense to add this setting to 
   org.h2.security.CipherFactory.setKeystore function?

-- 
You received this message because you are subscribed to the Google Groups "H2 
Database" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to h2-database+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/h2-database/ea9405fc-d925-4388-8c6f-1c39be8fa369%40googlegroups.com.

Reply via email to