Question

How to connect managed database (postgres) with ssl-mode="verify-full" in django app?

Posted September 21, 2019 1.7k views
DigitalOceanPostgreSQLDjangoDatabases

Hello. Currently I have a django app running on a droplet. And I am using your Managed Database for postgresql. Currently my connection has ssl-mode set to ‘require’, but I want to change the ssl-mode to ‘verify-full’. I have changed django app settings like the following:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': DATABASE_NAME,
        'USER': DATABASE_USER,
        'PASSWORD': DATABASE_PASSWORD,
        'HOST': MANAGED_DATABASE_HOST,
        'PORT': MANAGED_DATABASE_PORT,
        'OPTIONS': {
            'sslmode': 'verify-full',
        },
    }
}

I have downloaded the CA certificate given in the database cluster overview page in connection details. I have put the certificate in ~/.postgresql/ folder. I have read the postgresql documentation and realized that I need four files
~/.postgresql/postgresql.crt
~/.postgresql/postgresql.key
~/.postgresql/root.crt
~/.postgresql/root.crl

Where can I find the files? Please Someone give a proper guidence about how to do this step by step as I am a complete newbie in this field. Thanks in advance.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hi, I was just wondering if you had any luck with this and if you’ve managed to get it working?

You shouldn’t need all 4 of those… I have this on my dev box and it connects with no isue.

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': '<name>',
        'USER': '<user>',
        'PASSWORD': '<password>',
        'HOST' : '<host>',
        'PORT' : '25060',   
        'OPTIONS':{
            'sslmode':'verify-full',
            'sslrootcert': os.path.join(BASE_DIR, 'ca-certificate.crt')
}
Submit an Answer