Connection to postgres server on Azure fails when I use "sslmode=verify-full"

Question

When I select "sslmode=verify-full" when connecting to my postgres server in Azure, the connection fails with the following error:

server certificate for "<region>.control.database.windows.net" (and 7 other names) does not match host name "<servername>.postgres.database.azure.com".

Is "sslmode=verify-full" not allowed for Azure Database for PostgreSQL service? How do I connect to my postgres server in Azure if I have a requirement to use "sslmode=verify-full"?

Answer 1

"sslmode=verify-full" is supported in Azure Database for PostgreSQL service, however there is a limitation in the current implementation of the service.

If you require using "sslmode=verify-full", please use the server naming convention <servername>.database.windows.net as your connection string host name instead of the preferred host naming convention <servername>.postgres.database.azure.com.

This limitation is expected to be removed in the future. Connections using other SSL modes should continue to use the preferred host naming convention <servername>.postgres.database.azure.com.

Please refer to How to Configure SSL for Postgres in Azure for more details.