How to use SSL encryption when connecting Vaadin App with Hibernate to Mari

andrew272 · August 10, 2020, 7:51am

I am currently working on a Java 8 app with Vaadin and Hibernate which I am trying to migrate to Azure for testing purposes. Everything worked out so far except for one thing:
When I activate the require SSL option in The MariaDB on [Azure]
(https://intellipaat.com/blog/what-is-microsoft-azure/), I can’t connect anymore:

Caused by: java.sql.SQLException: SSL connection is required. Please specify SSL options and retry.

Unfortunately I didn’t write this app myself and I am not too familiar with neither Vaadin nor Hibernate or even Java in general and how to establish ssl or db connections with those.
So I need some help:

This is the JDBC Connection string in the Servlet.java file, where for my understanding the db init happens:

Connection con = DriverManager.getConnection("jdbc:mysql://<username>.mariadb.database.azure.com:3306/<db>?autoReconnect=true", "<username>", "<password>");

which I changed by just adding this to the URL: &useSSL=true&requireSSL=true&verifyServerCertificate=true

Now the app doesn’t stop at the DB init anymore but still crashes before the page is fully rendered, with the same error message.

I found a hibernate.cfg.xml with the following content (I removed the mappings to keep it shorter):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-configuration PUBLIC "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
    "http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">

<hibernate-configuration>
    <session-factory>
        <!-- Hibernate -->
        <property name="hibernate.use_sql_comments">true</property>
        <property name="hibernate.format_sql">true</property>
        <property name="hibernate.show_sql">false</property>
        <property name="hibernate.connection.autocommit">true</property>
        <property name="hibernate.dialect">org.hibernate.dialect.MySQLInnoDBDialect</property>

        <!-- Hikari -->
        <property name="hibernate.connection.provider_class">com.zaxxer.hikari.hibernate.HikariConnectionProvider</property>
        <property name="hibernate.hikari.dataSourceClassName">com.mysql.jdbc.jdbc2.optional.MysqlDataSource</property>
        <property name="hibernate.hikari.dataSource.url">jdbc:mysql://dbname.mariadb.database.azure.com:3306/db</property>
        <property name="hibernate.hikari.dataSource.user">username</property>
        <property name="hibernate.hikari.dataSource.password">password</property>
        <property name="hibernate.hikari.dataSource.cachePrepStmts">true</property>
        <property name="hibernate.hikari.dataSource.prepStmtCacheSize">250</property>
        <property name="hibernate.hikari.dataSource.prepStmtCacheSqlLimit">2048</property>
        <property name="hibernate.hikari.dataSource.useServerPrepStmts">true</property>
    </session-factory>

</hibernate-configuration>

What do I have to change there to make use of SSL for the connection?

mcollovati · August 10, 2020, 1:49pm

Without knowledge about your application configuration I can only suggest you to add ssl parameters also on datasource jdbc url property (hibernate.hikari.dataSource.url) in hibernate.cfg.xml, if you have not yet tried it.

I don’t know the usage of the connection created on your Servlet, but, if the application is using Hibernate to access data I’m pretty sure it would not use that connection.

I suppose Hibernate would get connections from the hikari connection pool configured in hibernate.cfg.xml, but you should check Hibernate initialization to be sure.

Martin595 · August 13, 2020, 4:49pm

Hi Andrew,

Do you actually have a SSL certificate for the database connection? If not, you can modify the connection string to not require SSL.

useSSL=false