I downloaded the server & client certificates, but they don't verify using openssl:
openssl verify -verbose -issuer_checks -CAfile /etc/database/certificates/server-ca.pem -purpose sslclient /etc/database/certificates/client-cert.pem
It fails with the message:
CN = Test, O = "Google, Inc", C = US
error 20 at 0 depth lookup: unable to get local issuer certificate
error /etc/database/certificates/client-cert.pem: verification failed
Also, when plugging in the file paths into DbVisualizer, I get this error:
Long Message:
FATAL: connection requires a valid client certificate
Details:
Type: org.postgresql.util.PSQLException
SQL State: 28000
My understanding is that the issuer of the client should match the subject of the server, but using the following commands suggest that they don't:
openssl x509 -in /etc/database/certificates//client-cert.pem -noout -issuer
openssl x509 -noout -subject -in /etc/database/certificates/server-ca.pem
issuer=dnQualifier = 319a6a2b-0750-41d3-9b05-16cdf8b121cf, CN = Google Cloud SQL Client CA Test, O = "Google, Inc", C = US
subject=dnQualifier = 41ff6064-07be-43c1-9e00-94a9de7cc5c1, CN = Google Cloud SQL Server CA, O = "Google, Inc", C = US
Any suggestions on how to debug appreciated.