Reputation: 2998
I have a Rails app on Elastic Beanstalk using an Amazon RDS PostgreSQL instance.
I'd like pg to use SSL to connect to this DB.
Following http://docs.aws.amazon.com/AmazonRDS/[...], I saved rds-combined-ca-bundle.pem at /config/ca/rds.pem, and my database.yml looks like this:

    production:
      adapter: postgresql
      database: <%= ENV['DB_NAME'] %>
      username: <%= ENV['DB_USERNAME'] %>
      password: <%= ENV['DB_PASSWORD'] %>
      host: <%= ENV['DB_ADDRESS'] %>
      port: <%= ENV['DB_PORT'] %>
      sslmode: 'require'
      sslrootcert: 'config/ca/rds.pem'

But I have no idea if it's really using SSL: I can change the sslrootcert path to anything, and my app is still up. What am I missing?
Upvotes: 10
Views: 5008
Reputation: 2998
In your database.yml you have to use sslmode: 'verify-full' instead of sslmode: 'require' in order to verify the instance endpoint against the endpoint in the SSL certificate. This way the certificate is used.
Upvotes: 15
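
A configuration check for the situation in this thread, added here as an example (it is not part of the question or the answer): it renders a database.yml through ERB and reports any sslmode that lets a wrong sslrootcert path go unnoticed. The names `audit_ssl`, `MESSAGES` and `SAMPLE_DATABASE_YML` are hypothetical, the sample YAML is constructed from the question, and resolving relative certificate paths against `app_root` is an assumption.

```ruby
require 'erb'
require 'yaml'

# Constructed sample mirroring the question's database.yml.
SAMPLE_DATABASE_YML = <<~YML
  production:
    adapter: postgresql
    host: <%= ENV['DB_ADDRESS'] %>
    sslmode: 'require'
    sslrootcert: 'config/ca/rds.pem'
YML

MESSAGES = {
  tls_not_enforced: 'sslmode permits an unencrypted connection',
  certificate_not_required: "'require' enforces TLS but does not demand a valid " \
                            'certificate, so a wrong sslrootcert path goes unnoticed',
  hostname_not_checked: "'verify-ca' checks the CA chain but not the host name",
  unknown_sslmode: 'sslmode is not a value libpq documents',
  sslrootcert_missing: 'sslrootcert does not point to an existing file'
}.freeze

# Returns an array of finding symbols for one environment of a database.yml.
# app_root is an assumption: relative sslrootcert paths are resolved against it.
def audit_ssl(yaml_text, env: 'production', app_root: Dir.pwd)
  config = YAML.safe_load(ERB.new(yaml_text).result, aliases: true).fetch(env)
  mode = (config['sslmode'] || 'prefer').to_s # libpq defaults to 'prefer'
  cert = config['sslrootcert']

  findings = []
  case mode
  when 'disable', 'allow', 'prefer' then findings << :tls_not_enforced
  when 'require'                    then findings << :certificate_not_required
  when 'verify-ca'                  then findings << :hostname_not_checked
  when 'verify-full'                then nil
  else findings << :unknown_sslmode
  end
  if cert && !File.file?(File.expand_path(cert, app_root))
    findings << :sslrootcert_missing
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_ssl(SAMPLE_DATABASE_YML).each { |f| puts "#{f}: #{MESSAGES.fetch(f)}" }
end
```

An empty result means the configuration asks for full verification and the CA bundle is where the file says it is; it does not prove what a live connection negotiated.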