JDBC parameter verifyServerCertificate=false conne

I am attempting to use the following setup to create an ssl connection to a MYSQL server. I noticed that when I specify verifyServerCertificate=false in the jdbc url, Java seems to ignore the keystore and truststore information I specified via System.setProperty. So I could comment out the code specified in 1) and the ssl connection will still be created successfully. When I specify verifyServerCertificate=true it seems to use the values set by 1). So my question is how is JDBC able to create an ssl connection when verifyServerCertificate=false, without using a client keystore and truststore? Thanks.

Java Code

System.setProperty("javax.net.ssl.keyStore",(String) keyStorePath);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
System.setProperty("javax.net.ssl.trustStore",(String) trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword",(String)   trustStorePassword));

String jdbcURL = "jdbc:mysql://192.11.11.111/database?verifyServerCertificate=false&useSSL=true&requireSSL=true";

Connection con = DriverManager.getConnection(jdbcURL, dbuser, dbpassword);

MYSQL Server

Grant statement:

'GRANT ALL PRIVILEGES ON *.* TO 'dbuser'@'%' IDENTIFIED BY PASSWORD \'*2343ASDFWETDFGDSFGSDFGSDSDFWERASF\' REQUIRE SSL WITH GRANT OPTION'

edit to my.cnf file

[mysqld]
ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem

Additional Information

6) I'm am using a certificate authority I created.

7) Response to query

show variables like '%ssl%';

have_openssl    YES 
have_ssl    YES
ssl_ca  /etc/mysql/certs/ca.pem
ssl_capath  
ssl_cert    /etc/mysql/certs/server-cert.pem
ssl_cipher  
ssl_crl 
ssl_crlpath 
ssl_key /etc/mysql/certs/server-key.pem

Java can definitely establish an SSL connection without a client validating the certificate chain of the server.

The classes that are establishing the connection (javax.net.ssl classes) would normally treat the unverified server certificate with suspicion and would fail the handshake.

But they provide a way for the user's of those classes to in effect say "It's ok if the server's certificate doesn't validate, go ahead and establish the connection".

That is what's happening when you say verifyServerCertificate=false.

The SSL connection is perfectly valid from a cryptographic perspective but it is not an authenticated connection because you have no idea what the source of the server certificate is.