Unable to connect with psql: SSL error: invalid padding

578 views
Skip to first unread message

Matthias Baetens

unread,
Jan 18, 2019, 12:11:49 PM1/18/19
to Google Cloud SQL discuss

I am trying to connect to a Postgres instance running on Google Cloud Platform using psql.


I got the certificate using:

gcloud beta sql ssl server-ca-certs list --instance=[instance-name] --format='value(cert)' > server-ca.pem

and then tried connecting using psql to the instance using:

psql "host=[ip] port=[port] user=[user] dbname=[db] sslmode=verify-ca sslrootcert=server-ca.pem"


This returns the error: SSL error: invalid padding


I have checked the certificate for valid unix endlines, changed the wrapping (making sure the whole certificate fits on one line, etc.)

Any pointers into what might be going wrong here or how to debug this are very welcome!

Matthias Baetens

unread,
Jan 18, 2019, 12:11:49 PM1/18/19
to Google Cloud SQL discuss

I am trying to connect to a Postgres instance running on Google Cloud Platform using psql.


I got the certificate using:

gcloud beta sql ssl server-ca-certs list --instance=[instance-name] --format='value(cert)' > server-ca.pem

and then tried connecting using psql to the instance using:

psql "host=[ip] port=[port] user=[user] dbname=[db] sslmode=verify-ca sslrootcert=server-ca.pem"


This returns the error: SSL error: invalid padding.

George (Cloud Platform Support)

unread,
Jan 18, 2019, 3:10:44 PM1/18/19
to Google Cloud SQL discuss
Hello Matthias, 

If your instance is configured to use SSL, go to the Cloud SQL Instances page in the GCP Console and open the instance. Open its Connections page and make sure that your server certificate is valid. If it has expired, you must add a new certificate and rotate to it. You may gather more detail from the "Configuring SSL/TLS" documentation page

Matthias Baetens

unread,
Jan 21, 2019, 12:09:10 PM1/21/19
to Google Cloud SQL discuss
Hi George,

Many thanks for your reply. I did this and everything is still valid and looks alright.
As extra information I'd want to add that this is working fine on my windows machine, but establishing a connection using the certificates using psql on Windows Subsystem for Linux or from a Docker container is what is causing issues.

Hope you can help shed a light on this!
-M

George (Cloud Platform Support)

unread,
Jan 23, 2019, 12:55:59 PM1/23/19
to Google Cloud SQL discuss
Hi Matthias, 

The usual procedure starts with Cloud SQL creating a server certificate automatically when you create your instance. In your situation, simply creating a new client certificate using the Developers' Console rather than command line might prove most effective, and time-saving. The detailed procedure can be accessed in sub-chapter Creating a new client certificate. A real problem would present itself if you follow the procedure ad litteram and the error is still there. 
Reply all
Reply to author
Forward
0 new messages