Postgres SSL troubleshooting

I decided to try to build a troubleshooting matrix for Postgres SSL client and server problems because the solutions to each problem were far from intuitive.

Server error Client error Solution
FATAL: no pg_hba.confg entry for host "x", user"x", database "x", SSL off same as server Set the PGSSLMODE on the client
LOG: could not accept SSL connection: tlsv alert unknown ca psql: SSL error: certificate verify failed ensure that the keys and certificates on the client and server are signed correctly and in the right places with the correct root.crt available
FATAL: certificate authentication failed for user "x" psql: FATAL: certificate authentication failed for user "x" ensure that the CN on the Client postgres.crt matches an entry in pg_ident.conf and that you are trying to connect using the matching user
LOG: could not receive data from client: Connection reset by peer Psql: server common name "x" does not match host name "x" ensure the '-h [hostname]' on the psql command line matches the CN of the server.crt

Leave a Reply