Hi All ,
Thank you for all the replies , I think even if psql does not verify the certificate , it still has to import it. I guess like David mentioned it might have default certificates in the client and server.
Regards,
Shankar
On Tue, Aug 11, 2020 at 1:45 AM Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
"David G. Johnston" <david.g.johnston@xxxxxxxxx> writes:
> On Mon, Aug 10, 2020 at 10:54 AM Shankar Bhaskaran <mailshankarb@xxxxxxxxx>
> wrote:
>> How does psql import the server certificate?
> It works by default because both the server and client are usually
> installed from the same source and the same default certificate files are
> provided to each.
Actually I suspect the answer is "it works because the default behavior
is to just encrypt the connection, not to try to verify the server
certificate". If you want it to fail when it doesn't recognize the server
cert, you need sslmode=verify-ca or sslosslmode=verify-full in your
connection string. See sslmode here:
https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
regards, tom lane
