With the recent update from AWS regarding updating the SSL Certificate for RDS:
In order to update your certificates to rds-ca-2019, the database clients which use SSL will need to be updated first, to do so download the new certificate from https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
I also tried the intermediate certificates.
We use RDS PostgreSQL db. I tried to connect to PostgreSQL using pgadmin with the new certificate.
I have specified the postgresql username, password, SSH tunnel along with the new pem certificate.
I am getting error "No password or public key available!"
I am able to connect using the existing pem file. Why am I not able to connect with the new pem file to the postgresql DB?
It may be too early to use the new certificate. I included rds-ca-2019-root.pem in my codebase and once deployed updated my database connection string to use it, but the app was unable to connect.
However, I was successful when I put rds-combined-ca-bundle.pem in my codebase that I got from here as mentioned here and referenced that in my database connection URL.
N.B. I am using mysql on a rails app from heroku, but the SSL challenges should be the same
Related
Following the instructions here, I'm having problem connecting to the DB from Azure Data Studio using the token I generate. It connects to the DB successfully, but as soon as I want to run a simple query ( I already gave my user read access there), it gives me this connection error, and I need to connect using the token again and the disconnection happens again randomly after a short while:
FATAL: Cloud SQL IAM user authentication failed for user
"user#company.com" FATAL: pg_hba.conf rejects connection for host
"...", user "user#company.com", database "db-name",
SSL off
I did some search and found there is also a way of logging in with IAM database authentication using the Cloud SQL Auth proxy but the documentation is limited to Postgress command line and not a GUI database tool like Azure Data Studio. Can anyone shed some light on this about what's needed if you want to connect with a GUI tool in this case?
And about changing the pg_hba.conf file, since I work with a cloud SQL instance, I'm not sure how to turn sslmode off on the cloud instance. I checked the connection tab of my instance and SSL encryption wasn't checked there (not sure if that's the same),and I changed the sslmode to disable on my Azure Data Studio for the connection but it won't allow me to connect after this change:
FATAL: pg_hba.conf rejects connection for host "*.*.*.*", user "user#company.com", database "database", SSL off
Help, anyone?
I've found the answer: we can connect using IAM database authentication using the Cloud SQL Auth proxy. The only step after to be done from the GUI DB tool (mine is Azure Data Studio) would be, to connect to the IP (127.0.0.1 in my case)the Cloud SQL Auth proxy listens on(127.0.0.1 is the default) after starting the Cloud SQL Auth proxy using:
./cloud_sql_proxy -instances=<GCPproject:Region:DBname>=tcp:127.0.0.1:5432
I'm supporting two plants that are running a labview application, that is basically a black box and I can't modify, which is using a postgresql 9.2 database to which it connects using SSL. All is running on Debian 7.2. The company that built the system no longer exists.
Host:Port: 10.10.101.10:5432 (SSL require)
DB-Name: PPCDB (User: postgres)
postgres-Meldung:
SSL error: certificate verify failed
I have root, I've tried disabling SSL in postgres which works partially allowing the labview application to start, however none of the software clients work which is obviously a problem.
Can anyone guide me on how to renew the certificates so that the application will be able to connect to the database? Again, the application I can not modify, I can only stop it and start it. Is it even possible?
So I have a go rest api running on Heroku. I had the free tier version but now we have moved the app to production and upgraded to a standard-0 database. None of my code changed the only thing that changed were environmental variables to connect to the database. However, when I try to connect to the database I get this error:
[BRONZE] [5-1] sql_error_code = 28000 FATAL: no pg_hba.conf entry for host "54.234.***.***", user "ub21ndj3*****", database "d8useg2o3****", SSL off
From my understanding its an SSL issue. What I don't understand is my app is running on Heroku servers so I shouldn't need to create a tls config to connect to the database and the same code was working with the previous database. Would there be another issue why I'm getting this error?
Heroku's standard databases and above require SSL connections as of April, 2016. You can see the Changelog entry here. You were able to use the same application code on a hobby database because they do not have the same restriction.
Hi I am having issues connecting to my postgres database, I am using this connection string on my 64 bit machine. I have downloaded the updated 64 bit postgres driver.
driver used: database=Travel_Information;driver={PostgreSQL Unicode(x64)};port=5432;server=travel-information.chda0n3dhd8k.eu-west-1.rds.amazonaws.com
Issue when selecting tables to import
Any suggestions?
In the DSN select "(None)" instead of "dBASE Files" and your connection string should look like this.
database=dbname;driver={PostgreSQL Unicode(x64)};port=5432;server=server.eu-w1.compute.server.com;sslmode=require;
I had to use sslmode=require because I am connecting to a postgresql server instance on heroku server, and it requires it.
It is an SSL issue
I added sslmode=require at the end of connection string and it succeeded.
I tried before with the original Postgredb connector and various Npgsql versions but it didn't worked.
Although there's still an option to import the certificate from the server to your client To get the SSL cert for the PostgreSQL server you might need to speak to the DBA/sysadmin if you don’t have access. In the configuration folder for the PostgreSQL server there is a postgresql.conf file, search it for ssl settings, there is one with the location of the ssl cert. Note NOT the key file which contains the private key, only the cert file which contains the public key. copy it or its content to the machine running PowerBI and import using that procedure
I'm having troubles to connect an existing heroku database to Google Datastudio. I'm trying to add the connection and I get the following:
Access denied, please check your username and password.
Now, I'm 100% sure that I'm correct on those credentials and the problem comes from somewhere else.
I've tried with different setup, either a free or a paid PSQL instance, nothing works.
I've also setup a dummy account on elephantsql and the connection worked the first time without any issue.
Do you have any idea of the cause of that problem?
Edit:
Just found https://www.en.advertisercommunity.com/t5/Data-Studio/Heroku-Postgres-lt-gt-Google-Data-Studio/m-p/1031729 which is not helpful at the time of writing this post.
Since the February 6, 2018 update, Google DataStudio allows SSL connections with PostgreSQL, which is necessary to connect to a database created via Heroku.
To enable SSL you need to provide client key+cert and server cert, which can be accomplished by taking the following steps:
Generate a self-signed cert + key with openssl for client key + certificate:
openssl req \
-newkey rsa:2048 -nodes -keyout client.key \
-x509 -days 365 -out client.crt
Use the postgres_get_server_cert.py script to get the self-signed server cert from heroku psql:
https://raw.githubusercontent.com/thusoy/postgres-mitm/master/postgres_get_server_cert.py
The problem is that Heroku Postgres requires an SSL connection which doesn't seem possible with Data Studio at the moment. Hopefully Google will add that option soon.
Make sure to run the openssl command on one line to generate the client.key and client.crt in one command. It took me a couple of tries of downloading the certificates (unable to reach host error), but this finally got me connected to Heroku Postgres with GDS.
I thought I would mention that I have used this for quite awhile, but every time my database undergoes maintenance it breaks and I have to manually reconnect the certificates. I developed a better approach - connect the data to Google BigQuery and do your blends there, and then use the BigQuery Community Connector. The charts are more performant this way AND you can now use query parameters on blended data.
Of course, DataStudio won't connect directly to Heroku Postgres for the same reason, so I use a service called Fivetran to grab the raw data and send it to Google BigQuery. There is a cost to this, of course, but for some projects it may be worth it. At some point I will move my database off of Heroku to either AWS or Google itself to allow a direct connection, but that is a larger project.