Set up Google cloud certificates for Postgresql database ( hostname mismatch )

Question

I have a postgreSQL database set up in google cloud. To connect via SSL google cloud provides 3 .pem files, server-ca, client-cert and 'client-key'.

I am using a different tool which always uses the SSL's setup in the ~/.postgresql/ folder. So I set the given .pem files by google cloud up in this folder as the corresponding .crt files. To test if this works I use the command below.

PGSSLMODE=verify-full psql -h 12.34.5.78 -d postgres -U postgres 

This gives the output:

psql: error: connection to server at "12.34.5.78", port 5432 failed: 
server certificate for
"project_name:instance_name" does not match host name "12.34.5.78"

Seems like the certificates mix-up the host names, anyone has an idea on how to solve this problem?

Answer 1

It seems odd that a cloud provider would issue certificates without hooking the CN or SAN of the cert up to their DNS.

But since they have done so, a less invasive work around than editing /etc/hosts might be to specify the host name in the cert into host field while putting the ip address into hostaddr field. But i don't think hostaddr has a 'command line argument' form, so you would have to switch to using the 'list-of-keywords' form of connection string.