<@U04SE163WC8> selected SSL modes as 'require', bu...
# ask-ais
stanley
07/17/2024, 3:44 PM@kapa.ai selected SSL modes as 'require', but tell me step by step instructions on providing CA certificate/client cert/client private key using UI. I do not see any options in postgres to do so
k
kapa.ai
07/17/2024, 3:44 PMBased on the knowledge sources provided, it seems that the option to provide a CA certificate, client certificate, and client private key is not available when the SSL mode is set to 'require' in the Postgres source connector UI. However, when you set the SSL mode to 'verify-ca' or 'verify-full', you should be able to provide these details. Here are the steps to do so: 1. From your Airbyte Cloud or Airbyte Open Source account, select
SourcesPostgress
stanley
07/17/2024, 6:53 PM@kapa.ai I provided root certs .pem file and choose SSL mode as 'verify-ca' for postgres destination. SSL connection tab is checked. Got this error after hitting 'set up source', 'status code=08006, ssl error : PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target'
k
kapa.ai
07/17/2024, 6:53 PMA message from kapa.ai
kapa.ai
07/17/2024, 6:54 PMThe error message you're seeing typically indicates that the SSL certificate provided is not trusted by the Java environment running the Airbyte server. This could be due to a missing or incorrect root certificate, or the certificate chain not being fully trusted. Here are a few steps you can take to troubleshoot this issue: 1. Verify the SSL certificate and key: Ensure that the SSL certificate and key are correctly configured and are located in the specified directories. The certificate should be in the correct format (.pem) and should include the full certificate chain ([source](https://discuss.airbyte.io/t/3370)). 2. Check the logs: Look at the log files for the Airbyte application and the PostgreSQL server for any error messages that might provide more information about the issue. 3. Check the PostgreSQL server configuration: Make sure that the PostgreSQL server is configured to allow SSL connections and that the correct SSL mode is set. The SSL mode should be 'verify-ca' as you have already set ([source](https://docs.airbyte.com/integrations/sources/postgres#step-2-create-a-new-postgres-source-in-airbyte-ui)). 4. Try a different SSL mode: If possible, try using a different SSL mode, such as 'require', to see if the issue is related to the 'verify-ca' mode. Please note that this will only work if your PostgreSQL server supports the 'require' mode and does not require certificate verification ([source](https://docs.airbyte.com/integrations/sources/postgres#ssl-modes)). 5. Check network and firewall settings: Ensure that connections to the PostgreSQL server are not being blocked by any network or firewall settings. If the issue persists, you may need to add the root certificate to the Java keystore of the Airbyte server. This process is not covered in the provided knowledge sources, so you may need to refer to the Java documentation or seek help from the Airbyte community or support.