Despite the COVID-19 outbreak, our team continues operating at full speed. We are always here to support and answer all your questions.

Feel free to reach out by filling this quick form.

Fill the form
Get Free Trial

How to connect to a postgreSQL secured with SSL/certificates?

Answered
Javier Sanz Lopez asked on June 2, 2020

Good afternoon.
I am trying to connect the Flexmonster Data Server to my cloud database, and i find myself with the following error.
2020-06-02 13:25:05.6181|FATAL|Microsoft.AspNetCore.Hosting.Diagnostics|Application startup exception
2020-06-02 13:25:05.6618|FATAL|Flexmonster.DataServer.Program|Cannot connect to the database using “Server=xxxx;Port=xxxx;Uid=xxxx;Pwd=xxxx;Database=xxxx”. Please check connection string. Details: Exception while reading from stream
My colleagues have investigated and the error is produced because the PostgreSQL database is protected with SSL certificates. We couldn’t find any information in your documentation regarding how to perform a connection to this kind of database. Would you please guide us through this process?
 
Thanks for everything and kind regards.
Javier

7 answers

Public
Vera Didenko Flexmonster June 3, 2020

Hello, Javier,
 
Thank you for reaching out to us. 
 
First of all, we would like to explain that The Flexmonster Data Server uses the npgsql driver for connecting to PostgreSQL, which supports SSL connection.

To connect to a PostgreSQL DB instance over SSL, the corresponding SSL certificate needs to be downloaded, please see: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL.
Next, our team kindy suggests trying one of the following approaches: 

  1. Setting the Client Certificate connection string parameter.  
  2. Specifying the PGSSLCERT environment variable.
  3. Using ~/.postgresql/postgresql.crt (%APPDATA%\postgresql\postgresql.crt on Windows)

For further details about the suggested approaches, please see the following guide: https://www.npgsql.org/doc/security.html#encryption-ssltls
 
 
Please let us know if this works.
Looking forward to your reply.
 
Kind regards,
Vera

Public
Javier Sanz Lopez June 4, 2020

Good afternoon Vera.
I passed this information to our architects team, which are the ones in charge of deploying the Flexmonster server, and they haven’t been able to deploy it succesfully.
They tried to run it with ubuntu 20.04 and got the following error message: “No usable version of libssl was found …”
They told me to ask you which version/package of openssl is working/required, and if there is a quicker contact way they can address you directly their issues while deploying it.
 
Thanks for everything and best regards.
Javier

Public
Ian Sadovy Flexmonster June 5, 2020

Hello Javier,
 
Thank you for the update.
Actually, we haven’t been reported about “No usable version of libssl was found” error previously, so it seems we need more time to investigate it. We will keep you updated.
 
However, after a brief research, it seems that a possible solution can be installing libopenssl1_0_0 package (more details are here https://stackoverflow.com/questions/53139591/dotnet-new-command-in-opensuse-causes-no-usable-version-of-the-libssl-was-fou ).
 
As for the communication channels, currently, our Forum is the most optimal way because all technical support team members have direct access to it and can respond quickly.
 
Please let us know if it helps.
 
Regards,
Ian

Public
Vera Didenko Flexmonster June 11, 2020

Hello, Javier, 
 
Thank you for giving us some time. 
 
Looking deeper, it seems the problem is caused by a conflict in the supported SSL library in .NET Core and the one used in Ubuntu.

Here are several links that may be of help:

  1. .NET Core 3.0 supports OpenSSL 1.1: https://github.com/dotnet/docs/issues/13475
  2. If you have LibreSSL instead of OpenSSL: https://github.com/dotnet/runtime/issues/24869

 
Please let us know if this helps to resolve the issue.
Looking forward to hearing from you.
 
Kind regards, 
Vera

Public
Vera Didenko Flexmonster July 8, 2020

Hello, Javier, 
 
How have you been? 
 
Our team would like to kindly take an interest in whether you found our previous response helpful. 
Did it work to configure the SSL connection?
 
Looking forward to your feedback.
 
Kind regards, 
Vera

Public
Javier Sanz Lopez July 8, 2020

Good afternoon Vera.
 
It took us a few days but using all your indications we were able to deploy it. Thanks for your feedback.
 
Best regards.
Javier

Public
Vera Didenko Flexmonster July 9, 2020

Hello, Javier, 
 
Thank you for your feedback. 
 
We are glad to hear that you managed to get everything working.
You are welcome to write to us if other questions arise.

Kind regards, 
Vera

Please login or Register to Submit Answer