Home Postgresql : SSL certificate error unable to get local issuer certificate

Postgresql : SSL certificate error unable to get local issuer certificate

Ankit Agrawal
1#
Ankit Agrawal Published in 2017-09-13 18:07:11Z
 In PostgreSQL, whenever I execute an API URL with secure connection with query like below select * from http_get('https://url......');  I get an error SSL certificate problem: unable to get local issuer certificate For this I have already placed a SSL folder in my azure database installation file at following path C:\Program Files\PostgreSQL\9.6\ssl\certs  What should I do to get rid of this? Is there any SSL extension available, or do I require configuration changes or any other effort? Please let me know the possible solutions for it.
user2458080
2#
 A few questions... First, are you using this contrib module: https://github.com/pramsey/pgsql-http ? Is the server that serves https://url....... using a self-signed (or invalid) certificate? If the answer to those two questions is "yes" then you may not be able to use that contrib module without some modification. I'm not sure how limited your access is to PostgreSQL in Azure, but if you can install your own C-based contrib modules there is some hope... pgsql-http only exposes certain CURLOPTs (see: https://github.com/pramsey/pgsql-http#curl-options) values which are settable with http_set_curlopt() For endpoints using self-signed certificates, I expect the CURLOPT you'll want to include support for to ignore SSL errors is CURLOPT_SSL_VERIFYPEER If there are other issues like SSL/TLS protocol or cipher mismatches, there are other CURLOPTs that can be patched-in, but those also are not available without customization of the contrib module. I don't think anything in your C:\Program Files\PostgreSQL\9.6\ssl\certs  folder has any effect on the http_get() functionality. If you don't want to get your hands dirty compiling and installing custom contrib modules, you can create an issue on the github page of the maintainer and see if it gets picked up. You might also take a peek at https://github.com/pramsey/pgsql-http#why-this-is-a-bad-idea because the author of the module makes several very good points to consider.