21

I created server.crt, server.key and root.crt files on Centos 7 and put the same onto the C:\Users\xxxx\AppData\Roaming\postgresql folder in windows as i am running the postgresql server on windows. Now on running my applications using SSL, i am getting the error as

"The host name could not be verified"

Any help please.

Improve this question
2
  • Are you using the JDBC driver on the client side? If not, what else? Commented May 3, 2018 at 9:56
  • Yes,JDBC driver i am using Commented May 3, 2018 at 10:28

3 Answers 3

Reset to default
40

I am using JetBrains Data Grip to access Postgres dbs on Heroku, and got the same error in the latest JDBC driver version. That's how I solved it (using answers provided here).

Set the following in the Advanced tab:

ssl=true

sslmode=require

sslfactory=org.postgresql.ssl.NonValidatingFactory

(I updated sslmode value from verify-ca to required because it works with Heroku Postgres now)

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

yes, "sslmode=verify-ca" is important. The official docs on jetbrains.com do not mention it.
Actually, sslmode=require is the way to go if you are using a self-signed certificate on the server.
@LaurenzAlbe I agree. I checked sslmode=required works with Heroku now. So, I think it is better answer to keep it required so that it can cover self-signed certs. Thank you.
it should be 'require' not 'required' in sslmode. Your picture shows it correctly but your answer has a typo.
In my case, sslmode=require was sufficient.
16

If you don't care about hostname verification while still wanting to use a certificate, you can use the additional parameter sslmode=verify-ca as a connection parameter or as part of the URL to disable hostname verification while retaining certificate verification.

Improve this answer

1 Comment

interesting that this works even though "Use SSL" is unchecked
9

To use the PostgreSQL JDBC driver without server certificate validation, use

sslfactory=org.postgresql.ssl.NonValidatingFactory

as connection parameter or as part of the URL as described in the documentation.

With later versions of the JDBC driver, you have to specify

sslmode=require

because the default value verify-full means that the client wants to check the certificate and identity of the server.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.