PostgreSQL pq Open not successful: x509: certificate signed by unknown authority

What is wrong with this code?

http://godoc.org/github.com/lib/pq

* dbname - The name of the database to connect to
* user - The user to sign in as
* password - The user's password
* host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost)
* port - The port to bind to. (default is 5432)
* sslmode - Whether or not to use SSL (default is require, this is not the default for libpq)
* fallback_application_name - An application_name to fall back to if one isn't provided.
* connect_timeout - Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.

So I just typed the following and expected to see a successful connection to PostgreSQL, but it seems not to work. Is there anything wrong with the syntax, since the syntax for sql.Open is different from the one that I used for MySQL?

"dbname=%s user=%s password=%s host=%s port=%s sslmode=%s connect_timeout=%s"

And the error message from this code is x509: certificate signed by unknown authority

package main

import (
  "database/sql"
  "fmt"
  "log"

  _ "github.com/lib/pq"
)

func main() {
  db := Get()
  defer db.Close()
  // sql.Open only validates its arguments; Ping opens the first real
  // connection, so the TLS handshake error surfaces here.
  err := db.Ping()
  if err == nil {
    log.Println("db.Ping is successful!")
  } else {
    log.Fatalln(err)
  }
}

func Get() *sql.DB {
  const (
    AWS_DB         = "mydb"
    AWS_USER       = "rootuser"
    AWS_PASS       = "1234"
    AWS_HOST       = "redshift.amazonaws.com"
    AWS_PORT       = "5439"
    AWS_SSL        = "verify-full"
    AWS_TIME       = "2"
    AWS_ACCESS_KEY = "abcd"
    AWS_SECRET_KEY = "efgh"
  )
  db, err := sql.Open("postgres",
    fmt.Sprintf("dbname=%s user=%s password=%s host=%s port=%s sslmode=%s connect_timeout=%s",
      AWS_DB,
      AWS_USER,
      AWS_PASS,
      AWS_HOST,
      AWS_PORT,
      AWS_SSL,
      AWS_TIME,
    ))
  if err != nil {
    // log.Fatalln exits the process, so report the error in a single call.
    log.Fatalln("Error:", err)
  }
  return db
}

As the error message tells, your host does not trust the certificate authority (CA) which signed the certificate of your database server.

If you can afford to enable InsecureSkipVerify then set sslmode=require. This will prevent the client from verifying the server's certificate chain and host name (but SSL will still be used).

If this is not an option you need to add the CA to your host's trusted CAs. This depends on your OS. On Linux you have good chances when you add it to /etc/ssl/cert.pem.

Obviously the PostgreSQL driver does not allow specifying a custom tls.Config, which would make things more flexible. In the source code you can see that it always uses tls.Config{}. It does not provide an option to set custom RootCAs.

You need to pass the sslrootcert parameter. Your code will become:

db, err := sql.Open("postgres",
  fmt.Sprintf("dbname=%s user=%s password=%s host=%s port=%s sslmode=%s sslrootcert=%s connect_timeout=%s",
    AWS_DB,
    AWS_USER,
    AWS_PASS,
    AWS_HOST,
    AWS_PORT,
    AWS_SSL,
    AWS_SSL_CERT_PATH,
    AWS_TIME,
  ))

where AWS_SSL_CERT_PATH="/path/to/the/certificate"

You can find more information and the link to download the certificate here.
