Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Bug when connecting in SSL mode #158
Postico uses the OS X Security API to verify certificates. "WoSign" is not a System Root CA. Therefore you need to include the StartCom cert for WoSign with your certificate. It could be that Safari has a copy of that certificate cached somewhere, and therefore doesn't need it, but Postico does.
Try appending the StartCom cert to your server cert. See section 17.9. Secure TCP/IP Connections with SSL in the PostgreSQL manual:
Usually you should get a "bundle.crt" file or similar from your issuer, containing all the additional certs you need. Try appending that file to "server.crt", then restart your PostgreSQL server, and it should work.
Actually WoSign is not a root CA, it's an intermediate certificate authority. But Postico recognized it as the root CA.
I've also tried Psequel with SSL enabled. It connected without any errors.
The server is available to the Internet with host name "aws.leedy.me". You can try with different tools (with SSL forced).
I have two servers. Server A's certificate is self-signed. Server B's is signed correctly.
Server A with PSequel
Server B with PSequel
Server A with Postico
Server B with Postico
psql checks the certificate against root certificates stored in
You have two ways of fixing this problem:
I've now discovered the source of the bug and fixed it. The bug caused Postico to ignore additional certificates sent by the server, just like you said. This means that certificates from intermediate CAs like WoSign were rejected.
Thank you for telling me about this bug. I am really sorry for not believing you at first.
Here is a build of Postico that should correctly check the certificate: