Importing the Database Server Certificate
If the certificate your database is using is self-signed or not signed by a common trusted Certificate Authority (CA), then you will likely need to import that certificate into your default Java truststore in order to connect to your database using SSL/TLS.
Your default Java truststore is typically the "cacerts" JKS file that usually resides inside your Java installation folder under "jre/lib/security", and the default password is "changeit".
You can also override the default truststore by supplying the "-Djavax.net.ssl.trustStore" JVM option into the mcserver.vmoptions or mcservice.vmoptions files.
Using keytool:
keytool -importcert -keystore /path/to/javahome/jre/lib/security/cacerts -storepass changeit - alias myalias - file /path/to/cert/server .crt -noprompt |
Make sure to change the paths and alias above as needed. Depending on your permissions you may need to perform this as sudo/Administrator to edit the Java cacerts truststore.
You can also use a GUI tool like Portecle to import the cert.