Reputation: 23
Postgres: How to verify which certificate is being used for SSL
On a Linux host, when I run the command psql --set=sslmode=verify-full -h (rest of connection command...) I connect to my postgres DB successfully. It also print information on the SSL connection cipher when my psql session begins. What confuses me is I can't figure out how the certificate used is being specified as I'm not listing any in my psql command. https://www.postgresql.org/docs/9.2/libpq-connect.html implies it defaults to stuff in a ~/.postgresql folder, but I don't have such a folder currently. I've seen references to environment variables like PGSSLROOTCERT mentioned elsewhere, but I don't have those set.
How do I determine which SSL certificate is being used? If it matters this is for a connection to an AWS RDS database.
Upvotes: 1
Views: 4032
Answers (1)
Reputation: 44413
psql --set=sslmode=verify-full -h ...
This sets a "psql" variable named sslmode. This variable makes no difference to anything. So you are not actually doing verification of the server's cert.
Try setting sslmode in a supported way, like:
PGSSLMODE=verify-full psql -h ...
or
psql sslmode=verify-full -h ...
(But if you use this last one, then you cannot have a -d option hiding in the ...)
Upvotes: 2
Related Questions
- Using psql to connect to PostgreSQL in SSL mode
- Test connection to postgres with SSL with the command line
- How to enforce client to use SSL for postgresql?
- PostgreSQL connection require a valid client certificate
- Error When Connecting Postgres Db: Server Certificate Does Not Match Host Name
- How to configure SSL certificate into PostgreSQL 9.4?
- "HostName not verified error message" on SSL connection in postgresql
- Django - postgres: how can I verify whether the database connection is SSL?
- Enable SSL connections on PostgreSQL server
- How to check if PostgreSQL installation supports SSL?