Installing a Database Server Certificate in the Team Studio JVM

When Team Studio connects to a data source with SSL enabled, the Team Studio JVM authenticates the (database) server's X.509 certificate to establish trust. If the certificate is not signed by a known certificate authority (CA), an error occurs when you try to add the data source.

Java is distributed with public keys from well-known certificate authorities, such as Verisign or Thawte. If the certificate installed on the database server was not signed by one of these CAs, the solution is to install the server's certificate into the Java installation running Team Studio.

Follow these steps to install a server certificate into the Team Studio JVM:

Prerequisites

Procedure

  1. Copy the certificate file, server.crt, from the database server to the host where Team Studio is running.
  2. On the Team Studio host, open a terminal window and change to the folder where the server.crt was copied.
  3. Run the following command to convert the certificate to a DER-encoded X.509 certificate:
    openssl x509 -in server.crt -out server.crt.der -outform der
  4. Run the following command to import the DER-encoded certificate into the Java keystore. You might need to run the command as root.
    keytool -keystore $JAVA_HOME/lib/security/cacerts -alias postgresql -import -file server.crt.der
  5. Restart Team Studio. You should be able to create a data source for the database without error.