PostgreSQL SSL errors

20th March, 2025

28000: no pg_hba.conf entry for host "...", user "...", database "..."

Your host has no access to the database with the selected authentication method. Make sure your IP address was added to the pg_hba.conf file on the database server. To check further, try changing SSL Mode to either Disabled or Required and see what happens. If you receive other errors, search for them in this document. See more in the PostgreSQL documentation.

28000: certificate authentication failed for user "..."

Authentication using the client certificate failed. It means that the client certificate provided with the Configure button is wrong. Make sure that the certificate is a client certificate, not a server or CA certificate, and that the Subject (CN) property of the certificate is your database login. See more in the PostgreSQL documentation.

Provided SSL certificate has an invalid format.

No client certificate provided

Make sure you selected a client certificate using the Configure button.

Client certificate in format other than PFX.

Dataedo accepts certificates only in .pfx format for PostgreSQL connections. Certificates in other formats such as PEM, CRT or CER won't be accepted by Dataedo. You can convert an existing certificate into a PFX certificate using OpenSSL:

openssl pkcs12 -export -out client-cert.pfx -inkey private-key.key -in client-cert.crt

  1. openssl - command to execute OpenSSL,
  2. pkcs12 - the PKCS#12 file utility,
  3. -export -out client-cert.pfx - export and save the certificate as the PFX file client-cert.pfx,
  4. -inkey private-key.key - the private key to be combined with certificate into PFX file,
  5. -in client-cert.crt - client certificate to be combined with private key into PFX file.

Provided passphrase is incorrect.

The passphrase provided for the certificate with the Configure button is incorrect.
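
The conversion above, together with the checks behind the "certificate authentication failed" and "Provided passphrase is incorrect" errors, as an added shell example that is not Dataedo's or PostgreSQL's own code. The function names and the PFX_PASS environment variable are assumptions of this example; the file names follow the command above.

```shell
#!/bin/sh
# Added example. Function names and PFX_PASS are assumptions of this example.
# The passphrase is read from the PFX_PASS environment variable, so it does
# not appear in the process list or in shell history.

# make_sample_pair DIR LOGIN: constructed throwaway key and self-signed
# certificate for trying the checks; real client certificates come from a CA.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/private-key.key" -out "$1/client-cert.crt" 2>/dev/null
}

# make_pfx KEY CERT OUT: the conversion command from the page, non-interactive.
make_pfx() {
    openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" -passout env:PFX_PASS
}

# pfx_cn PFX: print the Subject (CN) of the client certificate inside the PFX.
pfx_cn() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject -nameopt multiline 2>/dev/null |
        awk -F' = ' '/commonName/ { print $2; exit }'
}

# check_client_pfx PFX LOGIN
# Returns 0 if usable, 2 if the passphrase is wrong or the file is not a PFX,
# 3 if the PFX holds no private key, 4 if Subject (CN) differs from LOGIN.
check_client_pfx() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout 2>/dev/null || return 2
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' || return 3
    [ "$(pfx_cn "$1")" = "$2" ] || return 4
    return 0
}

# Usage (values are placeholders):
#   export PFX_PASS='<passphrase>'
#   make_pfx private-key.key client-cert.crt client-cert.pfx
#   check_client_pfx client-cert.pfx '<database login>'; echo "result: $?"
```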

The remote certificate is invalid according to the validation procedure.

This issue occurs only for the VerifyCA or VerifyFull SSL modes. A workaround is to use the Required SSL mode, which trusts the server SSL certificate without validating it.

CA certificate not added to Windows Trusted Root Certification Authorities

You need to add a CA certificate to the Windows certificate store if the authority issuing the certificate is not trusted. To add the certificate to a certificate store, double-click the CA certificate file. For store location select Current User. Go next until you see the Password field. You can leave the field empty if the certificate was not secured with a password. Then select Place all certificates in the following store: and under Browse... select Trusted Root Certification Authorities. Confirm and click OK.

Server certificate has wrong host in Subject (CN)

This issue can occur only for the VerifyFull SSL Mode. It means that the Subject (CN) specified in the server certificate stored on the database server has an incorrect value, different from the one specified in the Host field in Dataedo. In such a case, a new certificate needs to be created by the database administrator.