Share

Question

Hello. Currently I have a django app running on a droplet. And I am using your Managed Database for postgresql. Currently my connection has ssl-mode set to ‘require’, but I want to change the ssl-mode to 'varify-full’. I have changed django app settings like the following:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': DATABASE_NAME,
        'USER': DATABASE_USER,
        'PASSWORD': DATABASE_PASSWORD,
        'HOST': DATABASE_HOST,
        'PORT': DATABASE_PORT,
        'OPTIONS': {
            'sslmode': 'varify-full',
        },
    }
}

I have downloaded the CA certificate given in the database cluster overview page in connection details. I have put the certificate in ~/.postgresql/ folder. I have read the postgres documentation and realized that I need four files
~/.postgresql/postgresql.crt
~/.postgresql/postgresql.key
~/.postgresql/root.crt
~/.postgresql/root.crl

Where can I find the other files? Please Someone give a proper guidence about how to do this step by step as I am a complete newbie in this field. Thanks in advance.

Answer 1

ServerEnthusiast September 20, 2019

That is an interesting question. Have you gone through this guide here:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-scalable-django-app-with-digitalocean-managed-databases-and-spaces

It looks like that you should be able to connect with just the following:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'polls',
        'USER': 'myprojectuser',
        'PASSWORD': 'password',
        'HOST': 'managed_db_host',
        'PORT': 'managed_db_port',
    }
}

How to Set Up a Scalable Django App with DigitalOcean Managed Databases and Spaces

by Justin Ellingwood

by Hanif Jetha

Django is a powerful web framework that can help you get your Python application or website off the ground quickly. It includes several convenient features like an object-relational mapper, a Python API, and a...

Reply Report

shehabahmedsayem September 21, 2019

Thank you for your response, but I think you didn’t understand my question. I have already managed database connected through *ssl-mode=require* to my project. What I wanted to know how to connect using *ssl-mode=verify-full* or *ssl-mode=varify-ca*. And according to the documentation of postgresql, I need the files that I mentioned above. But I am getting only the ca-certificate.crt file that I can download from the connection details section of database cluster overview page.
Reply Report
- devdojo September 21, 2019
  
  That is an interesting case, please share your solution if you get to the bottom of if it. Thanks!
  
  edited by bobbyiliev
  
  Reply Report
- ServerEnthusiast September 21, 2019
  
  Yes you are right, I misunderstood your question, sorry about that. You actually have a good point, but I’m not 100% sure in this case as this is a managed database, have you tried getting in touch with DO support team as this is a product specific question and they might have an answer for you?
  
  Reply Report
  
  shehabahmedsayem September 21, 2019
  
  No, I haven’t contacted with DO support team. I don’t know how to contact them. Should I post a question as product specific question category or mail them to a mail address? And thanks for your time.
  
  Reply Report
  
  ServerEnthusiast September 22, 2019
  
  You can contact DO support team via this link here:
  
  https://www.digitalocean.com/company/contact/#support
  
  If you get an answer from them, please share it here with the community :)
  
  Reply Report
- monkeyman October 8, 2019
  
  How did you go with this? I’d like to do the same thing ;)
  
  Reply Report
  
  dangelsaurus December 6, 2019
  
  any luck?
  
  Reply Report

Answer 2

shehabahmedsayem September 21, 2019

Thank you for your response, but I think you didn’t understand my question. I have already managed database connected through *ssl-mode=require* to my project. What I wanted to know how to connect using *ssl-mode=verify-full* or *ssl-mode=varify-ca*. And according to the documentation of postgresql, I need the files that I mentioned above. But I am getting only the ca-certificate.crt file that I can download from the connection details section of database cluster overview page.
Reply Report
- devdojo September 21, 2019
  
  That is an interesting case, please share your solution if you get to the bottom of if it. Thanks!
  
  edited by bobbyiliev
  
  Reply Report
- ServerEnthusiast September 21, 2019
  
  Yes you are right, I misunderstood your question, sorry about that. You actually have a good point, but I’m not 100% sure in this case as this is a managed database, have you tried getting in touch with DO support team as this is a product specific question and they might have an answer for you?
  
  Reply Report
  
  shehabahmedsayem September 21, 2019
  
  No, I haven’t contacted with DO support team. I don’t know how to contact them. Should I post a question as product specific question category or mail them to a mail address? And thanks for your time.
  
  Reply Report
  
  ServerEnthusiast September 22, 2019
  
  You can contact DO support team via this link here:
  
  https://www.digitalocean.com/company/contact/#support
  
  If you get an answer from them, please share it here with the community :)
  
  Reply Report
- monkeyman October 8, 2019
  
  How did you go with this? I’d like to do the same thing ;)
  
  Reply Report
  
  dangelsaurus December 6, 2019
  
  any luck?
  
  Reply Report

Answer 3

dangelsaurus December 6, 2019

This worked for me on my dev box…

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': '<name>',
        'USER': '<user>',
        'PASSWORD': '<password>',
        'HOST' : '<host>',
        'PORT' : '25060',   
        'OPTIONS':{
            'sslmode':'verify-full',
            'sslrootcert': os.path.join(BASE_DIR, 'ca-certificate.crt')
}

Reply Report

toby5box February 5, 2020

This was perfect. Allowed me to update my RDS CA 2015 to CA 2019!
Reply Report

Answer 4

toby5box February 5, 2020

This was perfect. Allowed me to update my RDS CA 2015 to CA 2019!
Reply Report

Question

How to connect managed database (postgres) with ssl-mode="varify-full" in django app?

Leave a comment

Looking for something else?

Share

Share your Question

Question

How to connect managed database (postgres) with ssl-mode="varify-full" in django app?

Leave a comment

Related

question

nginx default shows on my custom domain name, but my DO IP shows the proper site

question

Problems setting up an nginx server

question

I am testing postgresql10 streaming replication.I kept wal_keep_segemnts as 5 but I see lot of wal_files in directory?

question

ERROR when trying to access my managed Database Droplet

Looking for something else?

Almost there!