I was reading this:
Step 2 says "Install the certificate in your operating system", but I am able to connect with psql without doing anything, and when I do, it says SSL connection. Without the servers certificate, how can it do this? Where are public certificates to be kept for a client to check? I've seen things talking about ~/.postgresql, others saying with the rest in /etc/ssl, but I don't see Amazon's anywhere on my system.
1 Answer 1
This is just a very vague idea of what might have happened here. It is not possible that you can enter the server without a certificate if the server is SSL encrypted.
I had tried some environment variable setting directly in front of the psql command that loaded the certificate:
PGSSLMODE=require PGSSLROOTCERT=server-ca.pem psql -h your_host -U your_user -W -d your_db
And that solution turned out to be the right one, but I had another mistake in the command at that time so that I saved the correct settings without knowing.
When I then entered the psql command without any environment variable being set and with the other unrelated mistake being solved, it worked without any certificate.
Later, it turned out that the environment variables were the right way to go and that the pem certificate is kept in the env var, you do not need to assign it again and again.