Description:
The MySQL JDBC driver uses the JVM default key store to establish and verify SSL database connections.  This causes administrative problems in web application containers, or other scenarios in which several applications will use the same JVM base, as follows:
1) Application developers must release private key passwords to server administrators to load TLS client certs
2) It effects a namespace collision if applications must use different client certs
3) It creates an unecessary coupling among the applications running in a JVM

How to repeat:
Attempt to use a bundled key store to establish an SSL connection nstead of the default key store. 

Suggested fix:
The addition of the following optional DriverProperties: clientCertificateKeyStoreType, clientCertificateKeyStoreUrl, clientCertificateKeyStorePassword, trustCertificateKeyStoreType, trustCertificateKeyStoreUrl, trustCertificateKeyStorePassword.  This would enable a user override of the first key store checked when establishing SSL database connections.  Use of a URL for the key stores would further allow web applications to use the ServletContext.getResource functionality in the J2EE spec.  The changes should be isolated to the NonRegisteringDriver, Connection, and MySQLIO classes in the com.mysql.jdbc package.  Patch attached.

proposed patch

Attachment: NonRegisteringDriver.java (application/octet-stream, text), 28.24 KiB.

proposed patch

Attachment: Connection.java (application/octet-stream, text), 148.60 KiB.

proposed patch

Attachment: MysqlIO.java (application/octet-stream, text), 98.87 KiB.

see also Bug #17320

Hi Benjamin. I believe this is fixed in c/J 5.1, see related Bug#36948:
    System.setProperty("javax.net.ssl.keyStore","c://jvms//jdk1.5.0//bin//bug36948");
    System.setProperty("javax.net.ssl.keyStorePassword","*****");
    System.setProperty("javax.net.ssl.trustStore","c://jvms//jdk1.5.0//bin//bug36948");
    System.setProperty("javax.net.ssl.trustStorePassword","******");