Providing PostgreSQL SSL Certificate in a Rails Application

Question

Providing PostgreSQL SSL Certificate in a Rails Application

I have a Rails application on Elastic Beanstalk using an Amazon RDS PostgreSQL instance.

I want pg to use SSL to connect to this database.

Following http://docs.aws.amazon.com/AmazonRDS/ [...] , I saved rds-combined-ca-bundle.pem in /config/ca/rds.pem , and my database.yml looks like this:

 production: adapter: postgresql database: <%= ENV['DB_NAME'] %> username: <%= ENV['DB_USERNAME'] %> password: <%= ENV['DB_PASSWORD'] %> host: <%= ENV['DB_ADDRESS'] %> port: <%= ENV['DB_PORT'] %> sslmode: 'require' sslrootcert: 'config/ca/rds.pem'

But I have no idea if it really uses SSL: I can change the sslrootcert path to everything, and my application is still working. What am I missing?

+6

ruby-on-rails postgresql amazon-web-services elastic-beanstalk

Pj bergeron Feb 26 '15 at 4:29

source share

1 answer

Pj bergeron · Accepted Answer · 2015-02-26T06:53:16+0000

In database.yml you need to use sslmode: 'verify-full' instead of sslmode: 'require' to check the endpoint of the instance for the endpoint in the SSL certificate. Therefore, the certificate is used.

Providing PostgreSQL SSL Certificate in a Rails Application

More articles: