Question

How can I obtain the Client certificate and Client private key for the managed PostgreSQL

How can I obtain the Client certificate and Client private key for the managed PostgreSQL? Google Data Studio requires both Client cert and pk in addition to the server certificate.

I’m almost giving up. I might just go back to droplet and set my own postgres there



Accepted Answer

I can only guess you need to create a key, a signing request, and finally a certificate, in that order. The typical way to do that is with OpenSSL:

$ openssl genpkey ... -out <key-file>
$ openssl req -new -key <key-file> ... -out <sign-req-file>
$ openssl x509 -req -in <sign-req-file> ... -out <cert-file>

There are algorithm types of keys, among which are RSA and elliptic curves like prime-256 and prime-512, which are not ‘safe curves’. There is a webpage listing ‘safe curves’. Implementation of safe curves is not common, but OpenSSH (not L but H) has Edward 25519. Note that the key file has both the public and private keys. A file with just the public key can be made and can be publicized freely, but not the file with the private key (really the key pair).

The best free documentation on using OpenSSL is OpenSSL Cookbook by Ivan Ristić. The instructions for acme-tiny are helpful as a use case using OpenSSL. I am not sure what your use case is. I have only gotten a domain certificate using the ACME protocol. I have never validated the client to the server. The server will need something to identify the client. The server might have a key with which to sign the client certificate. There must be some documentation out there to explain it for your use case. The Cookbook demonstrates how to issue a client certificate, but your use case could require adjustment. It’s a complex subject that is not so well documented. The PostgreSQL manual is awesome, which is why PostgreSQL is my favorite database.

You could just go with user-password and leave this for later?

Going by https://www.postgresql.org/docs/current/libpq-ssl.html, it looks to me like you want to read the Cookbook if you want to grind through this. Good luck!
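The key, signing request and certificate sequence from the answer above, filled in as an added example that is not part of the original answer. It assumes a throwaway test CA created locally; the file names, the CA name and the user `app_user_example` are hypothetical, and the database server would have to trust the signing CA, which this page does not establish for the managed service.

```shell
#!/bin/sh
# Added example with constructed names: a throwaway test CA and a client
# certificate for the hypothetical database user "app_user_example".

# make_client_cert DIR DBUSER -> writes ca.* and client.* files into DIR
make_client_cert() {
    dir=$1; dbuser=$2
    # Test CA: stands in for a CA that the database server trusts.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/ca.key" 2>/dev/null || return 1
    openssl req -new -x509 -key "$dir/ca.key" -subj "/CN=Example Test CA" \
        -days 30 -out "$dir/ca.crt" || return 1
    # Step 1: client private key, readable by its owner only.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/client.key" 2>/dev/null || return 1
    chmod 600 "$dir/client.key"
    # Step 2: signing request; PostgreSQL cert auth compares CN to the user name.
    openssl req -new -key "$dir/client.key" -subj "/CN=$dbuser" \
        -out "$dir/client.csr" || return 1
    # Step 3: the CA signs the request and issues the client certificate.
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
        -out "$dir/client.crt" 2>/dev/null || return 1
}

# True when the certificate carries the public half of the private key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# True when the certificate chains to the given CA certificate.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Prints the subject CN (assumes CN is the only subject attribute, as above).
cert_cn() { openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'; }

work=$(mktemp -d)
make_client_cert "$work" app_user_example
key_matches_cert "$work/client.key" "$work/client.crt" && echo "key/cert match"
chain_ok "$work/ca.crt" "$work/client.crt" && echo "chain verifies"
echo "CN: $(cert_cn "$work/client.crt")"
rm -rf "$work"
```

On the client side, libpq takes the resulting files through its `sslcert` and `sslkey` connection parameters, as described on the PostgreSQL page linked above.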

Is there still no real solution to this?

I am in the same situation where I need to access my managed Postgres instance from Google Data Studio and need the Client certificate and private key.

Is this truly the only way?

Why is there a key selection on the droplets but not on the managed db? I have to make a new key for every db? This is crazy talk here. I have lots of my own droplets and db’s and I use one key for them all because having multiple ones is a hassle.

I might just spin up my own droplet as well. Yeesh!
