0976ce107e
In the past, it was not possible download the CA certificates in any way, so we used channel_binding as a way to verify the server identity. However, now we give an option to download the CA certificates, so we can use sslmode=require by default, which also works with pgBouncer as opposed to channel_binding. Users that require higher security guarantees can download the CA certificates and use sslmode=verify-ca or sslmode=verify-full.
19 lines
499 B
Plaintext
19 lines
499 B
Plaintext
id: pgvm1qb9gwct1mqmay7m54yma5
|
|
name: test-pg
|
|
state: creating
|
|
location: eu-central-h1
|
|
vm_size: standard-2
|
|
storage_size_gib: 64
|
|
version: 17
|
|
ha_type: none
|
|
flavor: standard
|
|
connection_string: postgres://postgres:bar456FOO123@test-pg.pgvm1qb9gwct1mqmay7m54yma5.pg.example.com:5432/postgres?sslmode=require
|
|
primary: true
|
|
earliest_restore_time:
|
|
firewall rules:
|
|
1: pfb9g14e5ndt6qf59wfk8109bg 0.0.0.0/0
|
|
metric destinations:
|
|
1: md8ntmx8e1764nwc7p970vf3xw foo https://baz.example.com
|
|
CA certificates:
|
|
|