Error When Connecting Postgres Db: Server Certificate Does Not Match Host Name

Question

I installed Postgresql 13 to Centos 8 VM, trying to learn how to make connections secure with ssl. Though completing most of the steps and creating server and client certificates, i can't connect to my database remotely via PgAdmin with verify-full SSL mode. it gives an error like this:

server certificate for "centosnew" does not match host name "192.168.1.153"

"centosnew" is db's hostname and 192.168.1.153 is it's ip address . However, i can connect when i change SSL mode to verify-ca or require modes in PgAdmin.Where could i be doing wrong?

edit: My client's address is in pg_hba.conf looks like this:

hostssl    all             all             192.168.1.165/32        cert

Thanks

What is the common name in the server certificate?

Laurenz Albe
– Laurenz Albe

2021-06-29 16:25:40 +00:00
Commented Jun 29, 2021 at 16:25 — Laurenz Albe
– Laurenz Albe, Commented Jun 29, 2021 at 16:25
it's "centosnew"

postgresnewbie
– postgresnewbie

2021-06-29 17:30:36 +00:00
Commented Jun 29, 2021 at 17:30 — postgresnewbie
– postgresnewbie, Commented Jun 29, 2021 at 17:30

Emon46 · Accepted Answer · 2021-06-29 16:28:14Z

2

In your server certificate, seems like the IP list doesn't include ip 192.168.1.153. Make sure when you create server certificate you have added the Ip where it will listen. You can check if the certificate has the IP in it's list with this link paste your cetificate to decode here.

Add the Ip in your CommonName also.

answered Jun 29, 2021 at 16:28

Emon46

1,65610 silver badges18 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

jjanes · Accepted Answer · 2021-06-29 17:29:31Z

2

As the error message says, the server's certificate is for "centosnew", which is not the same as the host name you told it to connect to, "192.168.1.153". So as far as the SSL certs are concerned, you have connected to a server other than the one you asked for. Since preventing that is the entire point of "verify-full", it would be pretty weird if it just let you do it anyway.

So instead of telling it to connect to host "192.168.1.153", tell it to connect to host "centosnew", and let DNS do its job.

answered Jun 29, 2021 at 17:29

jjanes

45k5 gold badges39 silver badges48 bronze badges

Comments

postgresnewbie · Accepted Answer · 2021-06-29 18:59:37Z

2

I fixed it by adding my db server's name to "hosts" file in my client computer.

answered Jun 29, 2021 at 18:59

postgresnewbie

1,4982 gold badges14 silver badges24 bronze badges

Collectives™ on Stack Overflow

Error When Connecting Postgres Db: Server Certificate Does Not Match Host Name

3 Answers 3

Comments

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related