Question
I am encountering the following errors when connecting to Heroku Postgres.
What is the cause and workaround?
FATAL: no pg_hba.conf entry for host “xxx.xxx.xxx.xxx”, user “xxxxxxxxx", database “xxxxxxxxxxx”, SSL off
SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Answer
As a precondition, the PostgreSQL Connector has been tested on the on-premises version of PostgreSQL and is not guaranteed to connect to Heroku Postgres.
Below are explanations for each error.
FATAL: no pg_hba.conf entry for host “xxx.xxx.xxx.xxx”, user “xxxxxxxxx", database “xxxxxxxxxxx”, SSL off
This error occurs because there is no SSL connection.
SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This error occurs because the server certificate is not imported into the Java keystore.
According to the following external document, connecting to Heroku Postgres requires importing a server certificate into the client.
- Connecting to a Private or Shield Heroku Postgres Database from an External Resource
https://devcenter.heroku.com/articles/heroku-postgres-via-mtls
However, HULFT Square does not allow importing a server certificate into the Java keystore, so it is not possible to connect to Heroku Postgres using the above method.
Supplementary information
According to the following external document, you may be able to bypass the server certificate check by adding the following parameters to the URL when connecting.
- Connect to Heroku Postgres without SSL validation
https://www.jetbrains.com/help/datagrip/how-to-connect-to-heroku-postgres.html
sslmode:require
NonValidatingFactory
However, please note that the effects of adding this parameter on the connection and the availability of the connection are out of scope of our support, so please contact Heroku's support about that.
Comments
0 comments
Article is closed for comments.