Trying to connect to RDS with SSL and getting stumped

Open woodmicha opened this issue 5 years ago • 7 comments

You can use this template for reporting bugs. Feel free to remove parts that are not relevant, or just write something free-form if you prefer.

What did you do?

Followed instructions here on how to get a trusted certificate from AWS for RDS. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL

Downloaded this cert... https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

Imported on macos to keychain and made it trusted.

What did you expect to happen?

Expected to be able to connect.

What actually happened?

When I select the .pem file within client SSL option in Postico connection settings it fails to connect indicating it can't find a start line.

I don't think it's a bug, I think I'm missing a step or something...

What software versions are you using?

Postico version: 1.5.4 (select "About Postico" from the Postico menu)

macOS version: 10.13.6 (selecting "About this Mac" from the Apple menu)

PostgreSQL version: AWS RDS (not sure of the version as I don't want to connect w/o SSL from hotel)... (execute the command "SELECT VERSION();" to find out)

woodmicha avatar Aug 03 '19 19:08 woodmicha

Hi there,

I have quite the same issue but with a Redshift Cluster.

Platform

MacOS Mojave 10.14.6

Postico 1.5.8 (4819)

Redshift Cluster 1.0.9867

What did I do?

Followed the instructions from https://docs.aws.amazon.com/redshift/latest/mgmt/connecting-ssl-support.html#connect-using-ssl

Downloaded the redshift-ca-bundle.crt

It seems that Postico doesn't use the MacOS Keychain to verify certificates nor can it be passed a bundle as a crt file. The issue relies on the intermediate certificate not being trusted.

bbuivn avatar Sep 16 '19 12:09 bbuivn

Circled back to this with the latest postico build. Still can't get it to work. Any luck on your end? I assume we select use client TLS instead of SSH tunnel.

When I choose TLS I get an error saying no start line in cert. The psql command works fine with the combined certificate file from AWS. Just can't figure out how to configure postico to replicate it.

Any ideas?

woodmicha avatar Oct 19 '19 21:10 woodmicha

+1 for the same issue.

vcao avatar Apr 03 '20 19:04 vcao

We've tried to improve the interface in Postico 2, and added separate fields for CA bundle / Client Key / Client cert.

Could you try if you can get it to work with Postico 2 preview? Download here: https://eggerapps.at/postico2/

jakob avatar Apr 03 '20 19:04 jakob

I just updated my Postico 2 Preview. It appears to be working now without needing to manually add the certificate. Thank you for the update and keep up the great work. Look forward to the final version.

vcao avatar Apr 03 '20 19:04 vcao

I'll try it tomorrow. Thanks for posting this.

woodmicha avatar Apr 04 '20 01:04 woodmicha

Installed it today and was able to use my RDS pem to connect. I'll do some testing over the next few days. Thanks for the effort!

woodmicha avatar Apr 15 '20 15:04 woodmicha
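
As an added example (not part of the thread and not Postico's code): OpenSSL-style PEM loaders report "no start line" when a file holds no block of the type they expect, so before filling the separate CA bundle / Client Key / Client cert fields it helps to list which PEM block types a file actually contains. The function names and sample data below are constructed for illustration; that Postico's fields behave this way is an assumption.

```python
import re

# Matches one PEM block and captures its label, e.g. CERTIFICATE or RSA PRIVATE KEY.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

def pem_labels(text):
    """Return the label of every well-formed PEM block, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def suggest_field(text):
    """Map a PEM file's contents to the connection field it fits (hypothetical helper)."""
    labels = pem_labels(text)
    if not labels:
        return "not PEM (possibly DER or empty)"
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]
    certs = [l for l in labels if l == "CERTIFICATE"]
    if keys and certs:
        return "combined client cert and key"
    if keys:
        return "client key"
    if len(certs) > 1:
        return "CA bundle"
    if len(certs) == 1:
        return "single certificate: CA bundle or client cert"
    return "unsupported PEM content: " + ", ".join(sorted(set(labels)))

# Constructed samples: the base64 bodies are placeholders, not real certificates or keys.
def _block(label, body="QUJDRA=="):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_CA_BUNDLE = _block("CERTIFICATE") * 3   # shaped like a combined CA bundle
SAMPLE_KEY = _block("PRIVATE KEY")

if __name__ == "__main__":
    for name, text in [("bundle", SAMPLE_CA_BUNDLE), ("key", SAMPLE_KEY)]:
        print(name, "->", suggest_field(text))
```

A file that reports "CA bundle" contains only trust anchors and intermediates, so it belongs in the CA bundle field and carries nothing a client-key loader could read.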