Bring up the server and turn on SSL.
This example first brings up the server and turns on SSL. It also tells the server that NATIVE credentials will be stored in the mchrystaEncryptedDB database. That last directive causes the Database Owner's credentials to be stored when mchrystaEncryptedDB is created.
java -Djavax.net.ssl.keyStore=/Users/me/vault/ServerKeyStore \ -Djavax.net.ssl.keyStorePassword=secretServerPassword \ -Djavax.net.ssl.trustStore=/Users/me/vault/ServerTrustStore \ -Djavax.net.ssl.trustStorePassword=secretServerTrustStorePassword \ -Dderby.storage.useDefaultFilePermissions=false \ -Dderby.authentication.provider=NATIVE:mchrystaEncryptedDB \ org.apache.derby.drda.NetworkServerControl start -p 8246 \ -ssl peerAuthentication