Hi All , Thank you for all the replies , I think even if psql does not verify the certificate , it still has to import it. I guess like David mentioned it might have default certificates in the client and server.
Regards, Shankar On Tue, Aug 11, 2020 at 1:45 AM Tom Lane <t...@sss.pgh.pa.us> wrote: > "David G. Johnston" <david.g.johns...@gmail.com> writes: > > On Mon, Aug 10, 2020 at 10:54 AM Shankar Bhaskaran < > mailshank...@gmail.com> > > wrote: > >> How does psql import the server certificate? > > > It works by default because both the server and client are usually > > installed from the same source and the same default certificate files are > > provided to each. > > Actually I suspect the answer is "it works because the default behavior > is to just encrypt the connection, not to try to verify the server > certificate". If you want it to fail when it doesn't recognize the server > cert, you need sslmode=verify-ca or sslosslmode=verify-full in your > connection string. See sslmode here: > > > https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS > > regards, tom lane >
