Configuring SSL connections to database servers in Aqua Data Studio requires passing JDBC parameters in the Drivers tab in Server Properties window.

How SSL Works

When an SSL client makes a connection to a server, it will get the servers Certificate and validate the Certificate based on the digital signature of a trusted Certificate Authority (CA).  A trusted CA is a CA which is located in the client's trusted store, which is located locally.  Lets take a web browser as an example.  If you use Google Chrome to connect to https://store.aquafold.com and click on the green lock you can see the Certificate and how it has been validated (see attached Trusted-CA).  If you try to connect to an HTTP server which has a self signed Certificate, such as the default web server on a Sonicwall firewall, Chrome will give you an error message because it can't validate the Certificate with a trusted CA (see attached Untrusted-CA).  In the Chrome settings you can manage the trusted CAs (see attached Chrome-Trusted-Certificates).

How SSL Works in Java

Aqua Data Studio is a Java application and the JDBC drivers are written in Java.  The Java platform provides an API to make SSL connections.  With this API you can programmatically make a "Validating" SSL connection or a "Non-Validating" SSL connection.  A validating SSL connection requires that the server certificate is validated with the Java trust store, while a Non-Validating SSL connection will succeed even if the Certificate can't be validated. 

Java SSL API : https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSocketFactory.html

The Java CA trusted store is located in <JAVA_HOME>\jre\lib\security\cacerts.  For ADS, Java is located in <ADS_HOME>\jre\.  You can read more about it here ...

http://superuser.com/questions/55470/which-trusted-root-certificates-are-included-in-java
http://stackoverflow.com/questions/21038249/certificates-trusted-by-the-default-jdk-installation

How SSL Works in JDBC Drivers

JDBC drivers use the Java SSL API to make SSL connections.  Some drivers will always use Non-Validating connections (such as SQL Server).  Some drivers will always use Validating connections (such as Vertica and Hive).  And some drivers will default to a Validating connection while providing a JDBC properties to enable a Non-validating connection (such as PostgreSQL and MongoDB).  The drivers that require or use a Validating connection can either use the Java trust store or their own configurable trust store.  It is generally not recommended to modify the Java trust store so most drivers provide documentation on how to create your own trust store and configure it only for their JDBC driver.
 
Here is a tutorial on how to create and manage keystores :
https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores

Example: Configuring SSL Connection to PostgreSQL 9.6

When connecting to a PostgreSQL server that requires SSL connection, perform the following steps in Aqua Data Studio. You must first obtain the server SSL certificate file from the database admin (let's name this file server.crt).

  1. Open the Server Properties dialog box for the PostgreSQL 9.6 connection and select the Driver tab.
  2. Enter the following in the Parameters field: ?client_encoding=sslmode=verify-ca&sslrootcert=/Users/nhilam/myssl/server.crt
  3. If the database server is configured for 2-way SSL (you usually get the "FATAL: connection requires a valid client certificate" error if your connection is configured as 1-way SSL), then do the following:

Example: Configuring SSL Connection to PostgreSQL 9.6 Using Self-Signed Certificate

For testing purpose, the PostgreSQL server can also be configured with a self signed SSL certificate.

  1. Generate the server certificate and key files as follows:

  2. Copy server.crt, server.key and root.crt to the PostgreSQL server machine, data directory.

  3. On the server machine, data directory:

  4. Copy server.crt, client.crt and client.pk8 to the client machine where Aqua Data Studio is running.
  5. In Aqua Data Studio: