How to specify a client certificate to psql?
Solution 1
As stated in the documentation linked by @Milen, you can do this by setting the PGSSLCERT
and PGSSLKEY
environment variables, or by adding sslcert=<cert location> sslkey=<key location>
to the connection string.
Solution 2
The end result looks like
$>psql "port=5431 host=localhost user=postgres sslcert=./test/client.crt sslkey=./test/client.key sslrootcert=./test/server.crt sslmode=verify-ca"
All the variables are here.
Related videos on Youtube
Comments
-
Ionoclast Brigham over 1 year
I have a Postgres server with a user
dev
which requires a client certificate to log in. I'm using the commandpsql "sslmode=require user=dev host=db.prod"
, which gives mepsql: FATAL: connection requires a valid client certificate
.I know where the certificate is on my server. My question is, how do I specify the client certificate location to
psql
?-
Federico Sierra about 9 years
-
Milen A. Radev about 9 years
-
-
Seldom 'Where's Monica' Needy almost 8 yearsI'll note here that
PGSSLCERT
andPGSSLKEY
also allow paths to be specified, so don'tcat
the certificate or key itself into those variables. -
Radu Simionescu over 5 yearsif I place root crt in ~/.postgreqsl/ I don't have to provide any key. If I place it somewhere else and provide sslrootcert, suddenly I have to also provide key - do you know how does that work?