How to connect managed database (postgres) with ssl-mode="varify-full" in django app?

September 19, 2019 400 views
Databases PostgreSQL Django

Hello. Currently I have a django app running on a droplet. And I am using your Managed Database for postgresql. Currently my connection has ssl-mode set to ‘require’, but I want to change the ssl-mode to 'varify-full’. I have changed django app settings like the following:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': DATABASE_NAME,
        'USER': DATABASE_USER,
        'PASSWORD': DATABASE_PASSWORD,
        'HOST': DATABASE_HOST,
        'PORT': DATABASE_PORT,
        'OPTIONS': {
            'sslmode': 'varify-full',
        },
    }
}

I have downloaded the CA certificate given in the database cluster overview page in connection details. I have put the certificate in ~/.postgresql/ folder. I have read the postgres documentation and realized that I need four files
~/.postgresql/postgresql.crt
~/.postgresql/postgresql.key
~/.postgresql/root.crt
~/.postgresql/root.crl

Where can I find the other files? Please Someone give a proper guidence about how to do this step by step as I am a complete newbie in this field. Thanks in advance.

1 comment
1 Answer

That is an interesting question. Have you gone through this guide here:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-scalable-django-app-with-digitalocean-managed-databases-and-spaces

It looks like that you should be able to connect with just the following:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'polls',
        'USER': 'myprojectuser',
        'PASSWORD': 'password',
        'HOST': 'managed_db_host',
        'PORT': 'managed_db_port',
    }
}

by Justin Ellingwood
by Hanif Jetha
Django is a powerful web framework that can help you get your Python application or website off the ground quickly. It includes several convenient features like an object-relational mapper, a Python API, and a...
  • Thank you for your response, but I think you didn’t understand my question. I have already managed database connected through *ssl-mode=require* to my project. What I wanted to know how to connect using *ssl-mode=verify-full* or *ssl-mode=varify-ca*. And according to the documentation of postgresql, I need the files that I mentioned above. But I am getting only the ca-certificate.crt file that I can download from the connection details section of database cluster overview page.

Have another answer? Share your knowledge.