User guide

ManualsBrandsAmazon ManualsComputer equipmentRedshift

161

162

163

164

165

166

167

168

169

170

${JAVA_HOME}/bin/keytool -keystore <keystore_name> -alias <alias> -import -file

<certificate_filename>

Where <keystore_name> is the keystore that your client application uses, and <alias> and

<certificate_filename> correspond to the descriptions as previously described.You will be prompted

to enter and re-enter a password that will be used for working with the keystore. Make note of this password

for later use.

Then, when you start your Java application you must specify this keystore and password to use:

java -Djavax.net.ssl.trustStore=keystore_name -Djavax.net.ssl.trustStorePass

word=password com.mycompany.MyApp

If you have problems with adding the certificate to your truststore, you can review log information for

errors. If you use SQL Workbench/J for the Amazon Redshift Getting Started and other related exercises

in the Amazon Redshift documentation, go to Configuration Directory in the SQL Workbench/J

documentation to find where logs are stored. If you are using a different client tool, refer to the

documentation that accompanies your tool to find where logs are stored.

Specify the following properties in your connection string:

• Property name: ssl

• Property value: true

For example, in SQL Workbench/J, you can specify the connection string with the ssl=true parameter in

the JDBC URL:

jdbc:redshift://examplecluster.abc123xyz789.us-west-2.redshift.amazon

aws.com:5439/dev?ssl=true

For more information about JDBC connections, see Obtain the JDBC URL (p. 140).

In Java code you can specify the connection string as follows:

Connection conn = null;

Properties props = new Properties();

props.setProperty("ssl", "true");

conn = DriverManager.getConnection(<jdbc-connection-string>, props);

For a full Java example using SSL, see Connecting to a Cluster by Using Java (p. 169).

Connect Without Using the Server Certificate in Java

If you do not use the server certificate, you can still connect to your Amazon Redshift cluster; however,

your client will not be able to validate that it is connecting to an Amazon Redshift cluster. If you don't use

the certificate, you can still connect by using SSL.

To connect without using a server certificate

Specify the following properties in your connection string:

• Property name: sslfactory

• Property value: com.amazon.redshift.ssl.NonValidatingFactory

API Version 2012-12-01

161

Amazon Redshift Management Guide

Configuring Connections in Amazon Redshift