Hi Lewis,

You don't need client certificates to use SSL support in Connector/J. Actually you don't need to use any certificates at all in the client side.

The documentation isn't complete regarding to this. If you wish you can file a Connector/J Documentation bug (https://bugs.mysql.com) so that you can track change/progress while we fix it.

So, for you to use SSL in Connector/J you just have to configure SSL on server, as long as you are using a not so old Connector/J version. I would recommend you to update to latest GA version if you haven't done yet, though.

Connector/J connects securely by default, as such you are not required to provide any client certificate (usually in a keystore) nor a CA certificate (usually in a truststore), but, in order to increase the security levels you may want to provide a truststore containing the CA certificate (system property 'javax.net.ssl.trustStore' or connection property 'trustCertificateKeyStoreUrl') which would used in conjunction with the connection property 'verifyServerCertificate', allowing the client to do an additional verification on the server certificate while establishing the connection, and/or you may want to provide client certificate/keys (system property 'javax.net.ssl.keyStore' or connection property 'clientCertificateKeyStoreUrl') in order to make the server do additional verifications on the client identity and security requirements (https://dev.mysql.com/doc/refman/5.7/en/create-user.html#create-user-tls).

You can find instructions and sample cases (in tests) on the Connector/J repository (https://github.com/mysql/mysql-connector-j/tree/release/5.1/src/testsuite/ssl-test-certs).

I hope this helps.