PostgreSQL has native support for using SSL connections to encrypt client/server communications for increased security. This solution describes how to connect to such a server using DbVisualizer.

Related PostgreSQL documentation: Secure TCP/IP Connections with SSL


1-way SSL authentication

You must first obtain the server SSL certificate file from the database admin (let's name this file server.crt).


Open the connection Properties Tab for the PostgreSQL connection and select the Driver Properties category. Edit the following driver properties:

sslmode=verify-ca
sslrootcert=/Users/ulf/ssl-postgresql/server.crt


Replace "/Users/ulf/ssl-postgresql/server.crt" with the actual path of the server certificate file.


Click Apply and re-connect.

You now have a 1-way SSL authentication, where the client authenticates the server.

2-way SSL authentication

If the database server is configured for 2-way SSL authentication you will need to configure the 1-way SSL authentication described above but also some additional Driver Properties.

You usually get the "FATAL: connection requires a valid client certificate" error if your connection is configured as 1-way SSL.


Obtain the client certificate and private key files from the database admin. Let's name these files client.crt and client.pk8. The client certificate must be trusted by the database server. Note that the client private key file must be PKCS8 and stored in DER format. If the client.key file is in PEM format (i.e. starts with something like -----BEGIN PRIVATE KEY-----) you can convert it to DER format with openssl as follows:

openssl pkcs8 -topk8 -inform PEM -outform DER -in client.key -out client.pk8
chmod 600 client.pk8


Open the connection Properties Tab for the PostgreSQL connection and select the Driver Properties category. Edit the following driver properties:

sslcert=/Users/ulf/ssl-postgresql/client.crt
sslkey=/Users/ulf/ssl-postgresql/client.pk8
sslpassword=your_password


Replace file paths and password with the actual file paths and password.


Click Apply and re-connect.