To enable SSL support, use the ssl keyword on the command line when starting the Network Server, or specify the derby.drda.sslMode property in derby.properties.
In addition, you will need to create a server key pair, and you will need to specify the keystore and password when starting the server. For more information about key and certificate handling see http://db.apache.org/derby/docs/10.4/adminguide/cadminsslkeys.html
Run keytool to create the key pair. keytool is located in the JRE bin directory:
keytool -genkey -alias myDatabase -keystore serverKeyStore.key
You will be prompted for various values, such as Name, Organization, etc. One of those parameters will be the password for access to the keystore.
Name: ..
Organization: ...
....
password: myPassword
Specify the keystore and password and the ssl keyword when starting the server:
java -Djavax.net.ssl.keyStore=serverKeyStore.key \
-Djavax.net.ssl.keyStorePassword=myPassword \
-jar %DERBY_HOME%\lib\derbyrun.jar server start -h 0.0.0.0 -p 446 -ssl basic