This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 51%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
i have i virtual network where in 1 subnet my aks cluster is present and another subnet my private postgress flexible server is present.
i am connecting my application from aks cluster to private postgress server through private network using "sslmode=require" ,
while trying to connect i am getting error in my application pod "error fetching from postgres, err: x509: certificate signed by unknown authority"
PostgreSQL version : 16.3
can you tell me how to solve this error, do i need to add any certificate if yes then in which place ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 79%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
Hi Kishor ,
Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Hi Kishor ,
Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Based on this article :
To have a CA certificate available to the client Certification needs to be added to the system or it can be supplied via -ca-cert/-ca-path or related environmental variables.
We can apply these two ways:
-ca-cert=with a value that is the full path to the PEM encoded CA certificate file-ca-path= with a value that is the full path to a directory containing certificates including that of the relevant CAIf we like to disable checking for testing purposes we can use tls_skip_verify
Disable verification of TLS certificates. Using this option is highly discouraged.
Hi
The certificate you need to provide on the client-side is the Certificate Authority (CA) certificate of your Azure Private PostgreSQL Flexible Server. This certificate is provided by Azure, and you can obtain it from the Azure portal or using the Azure CLI.