Does the PaaS offering from Azure, that is, Azure PostgreSQL, support a custom certificate?

MS Techie 2,701 Reputation points
2020-09-18T06:51:03.213+00:00

https://learn.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security

From the above Microsoft URL, I can see that Azure PostgreSQL supports having an SSL certificate in the connection string.

E.g.: psql "sslmode=verify-full sslrootcert=BaltimoreCyberTrustRoot.crt host=mydemoserver.postgres.database.azure.com dbname=postgres user=myusern@mydemoserver"

Instead of sslrootcert=BaltimoreCyberTrustRoot.crt, can I use a different certificate, or configure the PaaS service of Azure PostgreSQL to use another cert, for example abc.crt, that is, sslrootcert=abc.crt?

Please help.

Azure Database for PostgreSQL

Accepted answer
  1. Anurag Sharma 17,606 Reputation points
    2020-09-18T08:20:03.083+00:00

    Hi @MS Techie, welcome to the Microsoft Q&A forum.

    As of now it is not permitted to use any certificates other than the one specified in the mentioned documents. Below are the details from the doc:

    "In some cases, applications use a local certificate file generated from a trusted Certificate Authority (CA) certificate file to connect securely. Currently customers can only use the predefined certificate to connect to an Azure Database for PostgreSQL server, which is located here. However, Certificate Authority (CA) Browser forum recently published reports of multiple certificates issued by CA vendors to be non-compliant.

    As per the industry’s compliance requirements, CA vendors began revoking CA certificates for non-compliant CAs, requiring servers to use certificates issued by compliant CAs, and signed by CA certificates from those compliant CAs. Since Azure Database for PostgreSQL currently uses one of these non-compliant certificates, which client applications use to validate their SSL connections, we need to ensure that appropriate actions are taken (described below) to minimize the potential impact to your PostgreSQL servers.

    The new certificate will be used starting October 26, 2020 (10/26/2020). If you use either CA validation or full validation of the server certificate when connecting from a PostgreSQL client (sslmode=verify-ca or sslmode=verify-full), you need to update your application configuration before October 26, 2020 (10/26/2020)."

    More details on: https://learn.microsoft.com/en-us/azure/postgresql/concepts-certificate-rotation

    Please let me know if that answers your query.

    ----------

    If an answer is helpful, please "Accept answer" or "Up-Vote" for the same which might be beneficial to other community members reading this thread.
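Added example, not part of the original thread or of Microsoft's documentation: a small audit that parses libpq connection strings (keyword/value or URI form) and reports which ones validate the server's CA and are therefore affected by a root certificate change like the one quoted above. The function names `parse_conninfo` and `rotation_impact` and the status labels are hypothetical; only the first sample string comes from the page.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# keyword = value, where value is bare or single-quoted with backslash escapes
_PAIR = re.compile(r"\s*([A-Za-z_]+)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|((?:[^\s\\]|\\.)*))")
VALIDATING = {"verify-ca", "verify-full"}

def parse_conninfo(conninfo):
    """Return the parameters of a libpq keyword/value string or URI as a dict."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        url = urlsplit(conninfo)
        return {"host": url.hostname or "", **dict(parse_qsl(url.query))}
    text, params, pos = conninfo.rstrip(), {}, 0
    while pos < len(text):
        m = _PAIR.match(text, pos)
        if not m:
            raise ValueError(f"cannot parse conninfo at offset {pos}")
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)  # undo \' and \\ escapes
        pos = m.end()
    return params

def rotation_impact(conninfo):
    """Classify how a root CA change on the server affects this client."""
    p = parse_conninfo(conninfo)
    mode = p.get("sslmode", "prefer")  # libpq's default sslmode
    root = p.get("sslrootcert")
    if mode in VALIDATING:
        return "update-needed", f"{mode} checks the chain against {root or 'the default root.crt'}"
    if mode == "require" and root:
        # libpq treats require like verify-ca when the root CA file exists
        return "review", f"require with sslrootcert={root} may validate the chain"
    return "not-validating", f"{mode} does not check the server's CA"

if __name__ == "__main__":
    samples = [  # first entry is the page's example; the rest are constructed
        "sslmode=verify-full sslrootcert=BaltimoreCyberTrustRoot.crt "
        "host=mydemoserver.postgres.database.azure.com dbname=postgres user=myusern@mydemoserver",
        "postgresql://app@db.example.invalid/postgres?sslmode=verify-ca&sslrootcert=abc.crt",
        "host=db.example.invalid sslmode=require sslrootcert='/etc/ssl/my root.crt'",
        "host=db.example.invalid dbname=postgres sslmode=require",
    ]
    for s in samples:
        status, why = rotation_impact(s)
        print(f"{status:15} {why}")
```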

