Reputation: 880
Set up Google cloud certificates for Postgresql database ( hostname mismatch )
I have a postgreSQL database set up in google cloud. To connect via SSL google cloud provides 3 .pem files, server-ca, client-cert and 'client-key'.
I am using a different tool which always uses the SSL's setup in the ~/.postgresql/ folder. So I set the given .pem files by google cloud up in this folder as the corresponding .crt files. To test if this works I use the command below.
PGSSLMODE=verify-full psql -h 12.34.5.78 -d postgres -U postgres
This gives the output:
psql: error: connection to server at "12.34.5.78", port 5432 failed:
server certificate for
"project_name:instance_name" does not match host name "12.34.5.78"
Seems like the certificates mix-up the host names, anyone has an idea on how to solve this problem?
Upvotes: 0
Views: 565
Answers (1)
Reputation: 44285
It seems odd that a cloud provider would issue certificates without hooking the CN or SAN of the cert up to their DNS.
But since they have done so, a less invasive work around than editing /etc/hosts might be to specify the host name in the cert into host field while putting the ip address into hostaddr field. But i don't think hostaddr has a 'command line argument' form, so you would have to switch to using the 'list-of-keywords' form of connection string.
Upvotes: 2
Related Questions
- Npgsql - Connection String for Google SQL PostgreSQL instance using SSL
- Error When Connecting Postgres Db: Server Certificate Does Not Match Host Name
- Connect to a Google Cloud SQL Postgres DB over SSL using psycopg2
- Connection from google data studio to google cloud sql postgres with SSL
- "HostName not verified error message" on SSL connection in postgresql
- SSL connection to Google Cloud Postgres
- Connection to Google Cloud PostgreSQL via JDBC with SSL
- Connecting to Google Cloud SQL PostgreSQL using Cloud Shell with SSL?
- SSL Certification Error > hostname doesn't match
- Postgresql : SSL certificate error unable to get local issuer certificate