How to connect managed database (postgres) with ssl-mode="varify-full" in django app?

September 19, 2019 1.1k views
PostgreSQL Django Databases

Hello. Currently I have a django app running on a droplet. And I am using your Managed Database for postgresql. Currently my connection has ssl-mode set to ‘require’, but I want to change the ssl-mode to 'varify-full’. I have changed django app settings like the following:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': DATABASE_NAME,
        'USER': DATABASE_USER,
        'PASSWORD': DATABASE_PASSWORD,
        'HOST': DATABASE_HOST,
        'PORT': DATABASE_PORT,
        'OPTIONS': {
            'sslmode': 'varify-full',
        },
    }
}

I have downloaded the CA certificate given in the database cluster overview page in connection details. I have put the certificate in ~/.postgresql/ folder. I have read the postgres documentation and realized that I need four files
~/.postgresql/postgresql.crt
~/.postgresql/postgresql.key
~/.postgresql/root.crt
~/.postgresql/root.crl

Where can I find the other files? Please Someone give a proper guidence about how to do this step by step as I am a complete newbie in this field. Thanks in advance.

2 comments
2 Answers

That is an interesting question. Have you gone through this guide here:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-scalable-django-app-with-digitalocean-managed-databases-and-spaces

It looks like that you should be able to connect with just the following:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'polls',
        'USER': 'myprojectuser',
        'PASSWORD': 'password',
        'HOST': 'managed_db_host',
        'PORT': 'managed_db_port',
    }
}

by Justin Ellingwood
by Hanif Jetha
Django is a powerful web framework that can help you get your Python application or website off the ground quickly. It includes several convenient features like an object-relational mapper, a Python API, and a...
  • Thank you for your response, but I think you didn’t understand my question. I have already managed database connected through *ssl-mode=require* to my project. What I wanted to know how to connect using *ssl-mode=verify-full* or *ssl-mode=varify-ca*. And according to the documentation of postgresql, I need the files that I mentioned above. But I am getting only the ca-certificate.crt file that I can download from the connection details section of database cluster overview page.

This worked for me on my dev box…

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': '<name>',
        'USER': '<user>',
        'PASSWORD': '<password>',
        'HOST' : '<host>',
        'PORT' : '25060',   
        'OPTIONS':{
            'sslmode':'verify-full',
            'sslrootcert': os.path.join(BASE_DIR, 'ca-certificate.crt')
}
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!