When I select "sslmode=verify-full" when connecting to my postgres server in Azure, the connection fails with the following error:
server certificate for "<region>
.control.database.windows.net" (and 7 other names) does not match host name "<servername>
.postgres.database.azure.com".
Is "sslmode=verify-full" not allowed for Azure Database for PostgreSQL service? How do I connect to my postgres server in Azure if I have a requirement to use "sslmode=verify-full"?
In libpq, secure connections can be ensured by setting the sslmode parameter to verify-full or verify-ca , and providing the system with a root certificate to verify against. This is analogous to using an https URL for encrypted web browsing. Once the server has been authenticated, the client can pass sensitive data.
For organizations that need to customize their PostgreSQL deployments, and need to overcome the limitations of the Azure Database for PostgreSQL managed service, the self-managed Azure VM option is the most appropriate option.
The psql client is a popular choice for connecting to PostgreSQL servers. You can connect to your server by using psql with Azure Cloud Shell. You can also use psql on your local environment if you have it available. An empty database, postgres, is automatically created with a new PostgreSQL server.
"sslmode=verify-full" is supported in Azure Database for PostgreSQL service, however there is a limitation in the current implementation of the service.
If you require using "sslmode=verify-full", please use the server naming convention <servername>
.database.windows.net as your connection string host name instead of the preferred host naming convention <servername>
.postgres.database.azure.com.
This limitation is expected to be removed in the future. Connections using other SSL modes should continue to use the preferred host naming convention <servername>
.postgres.database.azure.com.
Please refer to How to Configure SSL for Postgres in Azure for more details.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With