Maria DB Driver with AWS Aurora
Hi,
We use MariaDB Connector/J to connect to AWS Aurora RDS. RDS has SSL enabled. We use rds-combined-ca-bundle.pem to connect to RDS. This works fine in us-east region. We are trying to deploy our application to Frankfurt. When we try to connect to Aurora RDS in Frankfurt region, connection fails with the following error.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) [?:1.8.0_91] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) [?:1.8.0_91] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) [?:1.8.0_91] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) [?:1.8.0_91] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) [?:1.8.0_91] at sun.security.validator.Validator.validate(Validator.java:260) [?:1.8.0_91] at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) [?:1.8.0_91] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) [?:1.8.0_91] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105) [?:1.8.0_91] at org.mariadb.jdbc.internal.protocol.tls.MariaDbX509TrustManager.checkServerTrusted(MariaDbX509TrustManager.java:208) [mariadb-java-client-2.2.0.jar:?]
If we use EU specific certificate we are able to connect but we do not want to customize per region specific certificates. Does Mariadb driver support certificate chains? If yes then why we are not able to connect to RDS using combined cert?
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
Maria DB Driver version:2.2.0
Answer Answered by Diego Dupin in this comment.
I was thinking about Amazon certificate not following standard (https://jira.mariadb.org/browse/CONJ-511?focusedCommentId=99090&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-99090) but this is a new issue.
MariaDB java connector permits multi-certificate, so there is no reason for that kind of issue. If this still occur, can you create a JIRA issue (https://jira.mariadb.org/projects/CONJ/) that is the Bug tracker for java connector ?