Action Required - Azure Database for PostgreSQL - Certificate rotation for Azure Database for PostgreSQL - Single Server

Question

Hi Azure team,

we are getting below mail notification from Azure, any idea why we are getting this mail as we are already moved into flexi server last year.

Action Required - Azure Database for PostgreSQL - Certificate rotation for Azure Database for PostgreSQL - Single Server

regards,

Monish

Answer 1

Thanks for your question.

Please refer below document for complete information and “Understanding the changes in the Root CA change for Azure Database for MySQL single server”

Certificate rotation for Azure Database for MySQL | Microsoft Learn

FAQ snippet from the doc –

I don't specify any CA cert while connecting to my single server instance over SSL, do I still need to perform the steps mentioned above?

If you have both the CA root cert in your trusted root store, then no further actions are required. This also applies to your client drivers that use local store for accessing root CA certificate.

How do I know if I'm using SSL/TLS with root certificate verification?
You can identify whether your connections verify the root certificate by reviewing your connection string.

·        If your connection string includes sslmode=verify-ca or sslmode=verify-identity, you need to update the certificate.

·        If your connection string includes sslmode=disable, sslmode=allow, sslmode=prefer, or sslmode=require, you don't need to update certificates.

·        If your connection string doesn't specify sslmode, you don't need to update certificates.

If you're using a client that abstracts the connection string away, review the client's documentation to understand whether it verifies certificates.

Please let us know in case if you are looking for any additional information.

Thank you!