How to set up client certificates for managed Postgres

Posted June 25, 2021 336 views
DigitalOcean Managed PostgreSQL DatabaseDigitalOcean App Platform

I would prefer to use certificates for managed databases and Apps. I can download the ca_certificate from the managed database portal. But I don’t see the private key.

Is there a way to generate client certificates for postgres?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi @RvanLaar,

To generate Client certificates for Postgres managed database, Make sure you have OpenSSL installed on your operating system.OpenSSL will be used to generate client-side public/private key pairs.

Here is how to use the OpenSSL to generate the client public/private key pairs

openssl req -x509 -newkey rsa:2048 -keyout client-key.pem -out client-cert.pem -days 3650 -nodes -subj '/CN=localhost'

I hope this helps!

Best Regards,

  • Hi Rajkishore,

    Let’s say I create a new public/private key pairs. How would I then configure that with the Postgres Managed database?

    • Hi @RvanLaar,

      These are client public/private keys generated on your local machine or droplet that do not need to be configured with a managed database.

      If you are establishing a connection via SSL is required and since the database is managed on our end it is not possible to generate clients key (private key) and certificate (public key) you will need to generate those on your local machine or from whichever client you plan to establish a connection to the managed database.


      • Hi @Rajkishore,

        In summary your answer is: It’s not possible to use client certificates for authentication on managed postgres.

        That’s not the answer I hoped for, but it is what it is.

        Are you affiliated with DigitalOcean? If so do you know if this is on the roadmap?

        • Roland