6

In Django 1.9, what changes do I have to make in settings.py in order to connect to a PostgreSQL database using cert authentication?

2 Answers

5

Adding this to settings.py worked for me:

import os

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': '<name>',
        'USER': '<user>',
        'PASSWORD': '<password>',
        'HOST': '<host>',
        'PORT': '25060',   
        'OPTIONS': {
            'sslmode': 'verify-full',
            'sslrootcert': os.path.join(BASE_DIR, 'ca-certificate.crt'),
        },
    },
}

5 Comments

Is it okay to place the certificate file in the repo?
@MalikFaiq it's not.
@MalikFaiq The certificate file is public by definition, so there would be no security vulnerability posed by storing it in the repo, and in some cases it may make sense to do so. However, that is likely not best from a configuration management perspective.
This answer describes using certificates to make an SSL-secured connection to PostgreSQL using password authentication. I believe the OP was asking about "Certificate Authentication" (see jjanes's answer).
@AllAboutMike, you are correct, not sure how I missed something so obvious now that I re-read it.
4

To my knowledge, Django uses psycopg2, which in turn uses libpq. This means you shouldn't need to make any changes to settings.py.

You have to configure the server properly so it asks for and knows how to validate the certificate, and on the client side you need to put the crt and the key in the correct directory (e.g. ~/.postgresql) so that libpq knows how to find them. Once that is done properly, it should just work with no changes to any Django-specific code.
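The client-side setup described in the answer above, as an added example that is not part of the original answer: a preflight check for the files libpq looks for, returning the equivalent explicit libpq parameters for Django's `OPTIONS`. The helper name `client_cert_options` and the `demo` function are hypothetical; the file names are libpq's defaults, and the permission test mirrors libpq's rule for a user-owned key.

```python
import os
import stat
import tempfile

# libpq's default client file names inside ~/.postgresql
CERT, KEY, ROOT = "postgresql.crt", "postgresql.key", "root.crt"


def client_cert_options(cert_dir):
    """Hypothetical helper: validate libpq client cert files, return OPTIONS."""
    paths = {name: os.path.join(cert_dir, name) for name in (CERT, KEY, ROOT)}
    for path in paths.values():
        if not os.path.isfile(path):
            raise FileNotFoundError(path)
    mode = stat.S_IMODE(os.stat(paths[KEY]).st_mode)
    # libpq rejects a user-owned private key that group or others can access.
    # (The root-owned 0640 variant libpq also accepts is not handled here.)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{paths[KEY]} is mode {mode:o}; use chmod 600")
    return {
        "sslmode": "verify-full",      # verify the server chain and host name
        "sslrootcert": paths[ROOT],    # CA that signed the server certificate
        "sslcert": paths[CERT],        # client certificate presented to server
        "sslkey": paths[KEY],          # matching private key
    }


def demo():
    """Constructed sample: empty files stand in for real PEM files."""
    with tempfile.TemporaryDirectory() as d:
        for name in (CERT, KEY, ROOT):
            open(os.path.join(d, name), "w").close()
        os.chmod(os.path.join(d, KEY), 0o644)   # too permissive
        try:
            client_cert_options(d)
            rejected = False
        except PermissionError:
            rejected = True
        os.chmod(os.path.join(d, KEY), 0o600)   # owner-only
        opts = client_cert_options(d)
        return rejected, sorted(opts), os.path.basename(opts["sslkey"])


if __name__ == "__main__":
    print(demo())
```

In settings.py the result can be used as `'OPTIONS': client_cert_options(os.path.expanduser('~/.postgresql'))`; Django hands these keys to psycopg2, which passes them to libpq as connection parameters.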
