Connecting to Aerospike host via SSL using the JDBC driver defaults to 3000 port

I am trying to connect to an aerospike host which requires SSL. Connecting via the aql command works fine. However connecting to the same using the JDBC driver fails.

Running the following command is able to successfully connect to aerospike

aql -h test-host.co.in:tls1:4333 --tls-enable --tls-cafile ~/certificates/aerospike-server-ca.pem

However when I try to connect using a JDBC connection string using the aerospike JDBC driver it fails the connect.
This is the jdbc connection string I used

jdbc:aerospike:ssl://test-host.co.in:4333?enableTLS=true&trustStorePath=~/certificates/aerospike-server-ca.pem

It gives an error that it failed to connect to ssl 3000. Is there something wrong in my JDBC string? I tried using this via Datagrip & DBeaver and faced the same error at both softwares. Why is this even defaulting to 3000 port when 4333 port is explicitly specified?

 Failed to connect to [1] host(s): ssl 3000

It looks like there might be a few things wrong with your configuration. Judging by your AQL line it looks like your certificate has a name of "tls1" so you need to pass this to the JDBC driver with &tlsName=tls1. The trustStorePath you have isn't valid, I believe the parameter you're looking for is tlsTruststorePath. You can see a full list of the valid values at AerospikeTLSPolicyConfig.

However, I also believe that the configuration expects a standard Java truststore and not a .pem certificate. You should be able to convert your PEM file to a truststore using

keytool -import -alias serverkey -file aerospike-server-ca.pem -keystore truststore

You will then need to pass the password of the truststore you created using &tlsTruststorePassword=<password> where <password> is the password you selected when creating the truststore above.

So I would look at using a JDBC connect string similar to:

jdbc:aerospike://test-host.co.in:4333?enableTLS=true&tlsTruststorePath=/home/myuser/certificates/truststore&tlsTruststorePassword=<password>&tlsName=tls1

You will need to change myuser to your user name. Or make sure you put in the correct path to the truststore you created. "~" is an abstraction provided by the shell and Java does not recognise it, so a fully qualified path to your truststore is your best bet.

Note: based on your AQL line, I'm assuming you are NOT doin mTLS and therefore do not need provide client certs to the server.