-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to connect to amazon server using .pem key file #237
Comments
Hi!
Postico supports authentication using client TLS certificates. However, Postico expects two files: a Try opening the Then, when creating a favorite in Postico, click on the Options button and select "Use TLS client certificate..." Hope this helps! I really wish this was easier to set up; I'll have to see if I can make Postico accept |
I found out that libpq can also use .pem files directly. So I've changed Postico to let you use PEM files for TLS certificates. Here are the simpler instructions:
|
Thanks! Hope we can put the .pem support for TLS on next release :P |
.pem support is now in Postico 1.0.9, released earlier today (should hit the app store soon) |
It sounds like the pem file you are using doesn’t include a key. Open the file in a text editor — if there is a key it should start with the line Make sure to set OpenSSL flags correctly when exporting pem files, the default settings might not export the key. |
@jakob Thanks for the response. I'm afraid I don't know how to grab the pem file with that information. The pem file I'm using is directly from Amazon for use with RDS. I'm grabbing the cert from here: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html |
@joshmosh ok, I see. The .pem file you are using contains certificates only. It doesn't contain a key. So you don't use it for client authentication, but you use it for verification of the server instead. Postico uses the macOS keychain for verifying SSL certs, so you should add the cert to the keychain instead. Then, when connecting in Postico, you'll get a dialog that tells you the server cert is not trusted. Check if the cert is the one you added, then check the "Always trust this cert" checkbox. |
@jakob Perfect. Adding it to my keychain worked great! Thank you so much for the help! |
Hi all, I have a identify file .pem which is used to ssh to my AWS, I try to use the Postico ssh config in different ways to connect to AWS but they all failed, so now I'm wondering if there is someone who know how to config this part to make it work.
Thanks in advance :P
The text was updated successfully, but these errors were encountered: