I followed http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html to set up a ca key, ca cert, server key, server cert, client key, client cert. Worked fine, and I'm able to make SSL-encrypted connections from the stock/command-line mysql client to the server. Yay!

However, I'm having no luck making a JDBC connection with the connection parameter "verifyServerCertificate" set to true. I can make SSL connections if this parameter is false.

I've followed http://dev.mysql.com/doc/refman/5.1/en/connector-j-reference-using-ssl.html but I can't import "client.cert", I get: "keytool error: java.security.SignatureException: Signature does not match."

I've also tried generating my own client certificate. I'm able to create the "keystore" file this way. However, I get an error upon connecting: "javax.net.ssl.SSLException: Unsupported record version Unknown-0.0"

Questions:
1. any ideas on what else I should try?
2. using "verifyServerCertificate=false" is bad, right? If it were, I wouldn't be sure I'm connecting to the correct server.

Possibly related:
* http://serverfault.com/questions/63099/mysql-ssl-and-java-client-problem
* http://forums.mysql.com/read.php?39,356274,356274
* http://forums.mysql.com/read.php?30,296831,296831

Thanks!
-Adam