Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1to1nS-0050cY-6U for pgsql-general@arkaria.postgresql.org; Fri, 28 Feb 2025 14:57:03 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1to1nT-008Bjz-0S for pgsql-general@arkaria.postgresql.org; Fri, 28 Feb 2025 14:57:01 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1to1nS-008Bjr-II for pgsql-general@lists.postgresql.org; Fri, 28 Feb 2025 14:57:01 +0000 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1to1nN-000BxH-0r for pgsql-general@postgresql.org; Fri, 28 Feb 2025 14:57:00 +0000 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5dee07e51aaso3915914a12.3 for ; Fri, 28 Feb 2025 06:56:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740754616; x=1741359416; darn=postgresql.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=WfTF6pLyaGHd++z0qB0av/55to5KmCa+sQbTiYaoS6U=; b=b81lKBCRIowiciqGO8fj6nALMcz/m7Bs6DLcbvt8oHtpQ4mHHEcLP3krLUGbt0zVKN Nj/BDI+gOHlZgC8KJNYQ2F0VZzgZSBrENtMP55gSUwp86+29XQO2lhwCultlxuZYl9fJ dJNB/SeArZ973+D0edHhUTCfdYD1Fwr1C2RzWQfbwj3Z8hfGUOCHQqCAA4PblPQ5dl58 V6PC0Y6OCdfl6VyyVjJL7BHDQVHLZgPO17o6Iax2wNgVnP0YiKxUhMcsWb2RQ9N1kmiT a48GlCVJCnMCBpyiL6Qo7HLnv6j+obAo1t5VzKHpaPkrIScTSZ5BtK/8ccg1vmWw1CDr L1YA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740754616; x=1741359416; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WfTF6pLyaGHd++z0qB0av/55to5KmCa+sQbTiYaoS6U=; b=H14LnvcCuSL7TVCb5MxHE6ost1JXimte6Ecg3nLa/z3qMAx9SrysWJ4lylvakdy7D0 YrjDPqJDDlsGpy/2N4OKF+2/w7DqWTS/LQ9VyfSX33rHsB1kxPBmnnHua0haBtMoPFze ZauZmEDzN3hwTjh1i2c/VHvumJrxg63GP6O5IwurW6DhhctDYws+k8YntBXK4oFen9// 4j8F2mm12za61PLOeZze2xktJI3KbNRYzLF4cMYViDRH5W719pXDoEc9GjsteJ/T6VPh RQ8NhCzBiRCVQYfzeaxbxBcVvnLzkxw3/ios+EaO29BNrZbhrD70dRHNpW2qaDF/5Jin YkFA== X-Gm-Message-State: AOJu0Yy2NKAiclwopggbI1/13yJ01IJFw1XMTbHxSKgfk/Mh5+4RK+du MUlnFVll4OjYjpXaPMTz6bWaa06c27f6xQAQWoUaE9/E8ti/OiTEDrrpN1u3/az048zQpFvenCH fTt/VxqsrE7s6l74qGuC7x/4gO0pQZxMPjxM= X-Gm-Gg: ASbGncvGlO8CoZaKc7ENQDxHWLI26Cqgg9KAZNrRU7WLqZFQ6N+oQrJSqGMkBxWHlEi ajYBrB+ARrelU2E9l8rc0hyrGidPwawC16nljkDbNXd+4eImP0/whsfnbuINiwWQ+MZaEnsc8by ImbUfh4R0s X-Google-Smtp-Source: AGHT+IHK2nBqlEGhED09jGQCM9SOeZQQV3MkjvyO4DRvBttKLG4OzXXmtjbx2JOk6HUBkCwrC3PvI95H1aPgoUkvMm4= X-Received: by 2002:a05:6402:50d1:b0:5de:be17:8 with SMTP id 4fb4d7f45d1cf-5e4d6b7107dmr3282805a12.23.1740754615537; Fri, 28 Feb 2025 06:56:55 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Alexander Farber Date: Fri, 28 Feb 2025 15:56:43 +0100 X-Gm-Features: AQ5f1JrCi7NZ7HK0R62npezToAGdb-vvHwiST9PJv8YZZT9W214Ab8cGUisjpNw Message-ID: Subject: Re: Azure Database for PostgreSQL flexible server: password authentication failed To: pgsql-general Content-Type: multipart/alternative; boundary="000000000000801795062f350475" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000801795062f350475 Content-Type: text/plain; charset="UTF-8" Sorry, correction for the openssl command output: $ openssl s_client -connect 172.21.32.4:5432 -starttls postgres Connecting to 172.21.32.4 CONNECTED(00000003) Can't use SSL_get_servername depth=2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 verify return:1 depth=1 C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 07 verify return:1 depth=0 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN= c1fba9900d4d.database.azure.com verify return:1 --- Certificate chain 0 s:C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN= c1fba9900d4d.database.azure.com i:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 07 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384 v:NotBefore: Feb 25 14:04:55 2025 GMT; NotAfter: Aug 24 14:04:55 2025 GMT 1 s:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 07 i:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384 v:NotBefore: Jun 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT 2 s:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 i:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Aug 1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIJAjCCBuqgAwIBAgITMwFrt0ld3qCMMByM7wAAAWu3STANBgkqhkiG9w0BAQwF ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDA3 MB4XDTI1MDIyNTE0MDQ1NVoXDTI1MDgyNDE0MDQ1NVowdjELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv ZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH2MxZmJhOTkwMGQ0ZC5kYXRhYmFzZS5h enVyZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DAq18XNN Z/Jmmi7CLNlwEmTXGqAU9O+mNSjoQdFXNkw+CsyvPgohhBv35R/iN0Km8r3MV793 +RgORhpj6I/0nEOTeIJwVZIjSAEO+BDnCcn58vcCNqyES0QJ9IcVFYpu9jT19mAb kvKjbcNbyJX4rKHwToXaDlxOTvaQMESci6XbY1Ixwd5MJHRUyg8c6+RbN1emA1Vm pMPukdlaCZlH9HnD/IXcY/EUJXoQxfYJPupDH5BefQrazwHgF8vCJ9tNuxk/8tu4 leTiQxth6liveloD5QvfEEffgo9kzgT6hGVbi7Rc0u52i1nij3nFlGQAWOCYfr3A 0dAS5vYug7WhAgMBAAGjggSgMIIEnDCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFn AHYAEvFONL1TckyEBhnDjz96E/jntWKHiJxtMAWE6+WGJjoAAAGVPXYAAAAABAMA RzBFAiBWJCHBbRAlwMXXEkTLba2Pzp1N8MR4ANBkmP9lgsw0SAIhAKOwOq+62T+g 0BgnVC4EEAC2jqjNPLxHdjZOogDiKQaLAHUAfVkeEuF4KnscYWd8Xv340IdcFKBO lZ65Ay/ZDowuebgAAAGVPXYAmgAABAMARjBEAiAKgJP9C2rqQVsRmN2n2qERvQcc xisnOO41cSr7d1oYTQIgLl7B30ElHd+81o3+jd4WoBTE2lmRUFPqmH3aGBEFoZEA dgAaBP9J0FQdQK/2oMO/8djEZy9O7O4jQGiYaxdALtyJfQAAAZU9dgDWAAAEAwBH MEUCICtDLEVHUfSi+PZ8jOTyBvRSbfj06loyvD2V66cOpYcfAiEAnPy1VHyO+SlE ygBp6CyUdAj5G7dPCQYzfAqy2HFiv3wwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEF BQcDAjAKBggrBgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcb gefrRoKBnS6O0AyH8NodXYKr5zCH7fEfAgFkAgEtMIG0BggrBgEFBQcBAQSBpzCB pDBzBggrBgEFBQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j ZXJ0cy9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBD QSUyMDA3JTIwLSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9j c3AubWljcm9zb2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBTNtIVCLokZd4K37tTOK5Lu JI5hXzAOBgNVHQ8BAf8EBAMCBaAwgakGA1UdEQSBoTCBnoIyY2NnLWRldmVsb3At cG9zdGdyZXNxbC5wb3N0Z3Jlcy5kYXRhYmFzZS5henVyZS5jb22CR2YxYjhmMGMw OTA2YS5jY2ctZGV2ZWxvcC1wb3N0Z3Jlc3FsLnByaXZhdGUucG9zdGdyZXMuZGF0 YWJhc2UuYXp1cmUuY29tgh9jMWZiYTk5MDBkNGQuZGF0YWJhc2UuYXp1cmUuY29t MAwGA1UdEwEB/wQCMAAwagYDVR0fBGMwYTBfoF2gW4ZZaHR0cDovL3d3dy5taWNy b3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwQXp1cmUlMjBSU0ElMjBU TFMlMjBJc3N1aW5nJTIwQ0ElMjAwNy5jcmwwZgYDVR0gBF8wXTBRBgwrBgEEAYI3 TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMAgGBmeBDAECAjAfBgNVHSMEGDAWgBTO FRY76gKjpmva2Sv95YxSvnpQqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH AwEwDQYJKoZIhvcNAQEMBQADggIBAHIlDqGGk6NsNXDVyXsheLN7L9FP4tHjdiwy +GSPgrrb5lWuqTjFWdzYokm0RW/Ez0JX2aq88BueTGUNw6XO9pq/KD44OD8VClJH WeW3NhCKn901uyV9rUMrNZ37oPlM53NP6zkC1qfOy4sLG5UHr+Ne532W0mtVga5K YeeufReC/1Ze/3xZQ6iTxrt39urvDhIpVQZap3GUwTEqiOH6T+kp8DnuwpScLTBB B9HmMModtysYLRH8Gl4jTyLfCdI+hfOavESLev8F+jmgIyEOvHH5bWf/N1Lp2NaE LdbJ5pMcACzkcG71TTUGhrDums4ukng9ggJ+jQ+dS7n5eXVF+H7GbA1bj+wKq8UB dXEHinaPin4Xer4KqKMV62lHclEMQzvzI6KH9OT4+wKi6dZ78MVmCvJJJsZKk0dP dfnK6/Nbw5khDPXqEvQru86cRU0KGrUuKOCF0yeeXMc1kyU4O6cAhScMwbQ+WXTN TpSflR4NK4+QIoc9yShP9oAQV4uvAO8WtH5fzWYKyuY4oPJlyecLXzfo1Ll+vipx DaOc/pNY6WUKNz3b4qRSP8iPArvyi8ZSRn7so1Dsuk9+225cs67WQKnA05YZc1hO S3PVFN2225qZ0NLxAFQbDp5zb9QWFOpylzwYXW1+FNzpM1RDTL6us5kn3Ip4F+FY HQ8wk+6o -----END CERTIFICATE----- subject=C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN= c1fba9900d4d.database.azure.com issuer=C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 07 --- Acceptable client certificate CA names DC=GBL, DC=AME, CN=AME INFRA CA 01 DC=GBL, DC=AME, CN=AME Infra CA 02 DC=GBL, DC=AME, CN=AME Infra CA 03 DC=GBL, DC=AME, CN=AME Infra CA 04 DC=GBL, DC=AME, CN=AME Infra CA 05 DC=GBL, DC=AME, CN=AME Infra CA 06 CN=AME G1 TLS RSA 2048 SHA256 2024 CUS CA 07 CN=AME G1 TLS RSA 2048 SHA256 2024 EUS2 CA 07 CN=AME G1 TLS RSA 2048 SHA256 2024 EUS2EUAP CA 07 CN=AME G1 TLS RSA 2048 SHA256 2024 WCUS CA 07 CN=AME G1 TLS RSA 2048 SHA256 2024 WUS2 CA 07 CN=MSIT CA Z2 C=US, O=Microsoft Corporation, CN=MSFT BALT RS256 CA C=US, O=Microsoft Corporation, CN=MSFT RS256 CA-1 C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04 C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 07 C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08 C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 03 C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 04 C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 07 C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 08 C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing AOC CA 01 C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing AOC CA 02 C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing EOC CA 02 C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing EOC CA 01 C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing EOC CA 01 C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing AOC CA 01 C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing AOC CA 02 C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing EOC CA 02 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certificat ion Authority - L1K C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2014 Entrust, Inc. - for authorized use only, CN=Entrust Certificat ion Authority - L1M CN=CCME G1 TLS RSA 2048 SHA256 2049 CUS CA 01 CN=CCME G1 TLS RSA 2048 SHA256 2049 EUS2 CA 01 CN=CCME G1 TLS RSA 2048 SHA256 2049 EU2C CA 01 CN=CCME G1 TLS RSA 2048 SHA256 2049 WCUS CA 01 CN=CCME G1 TLS RSA 2048 SHA256 2049 WUS2 CA 01 DC=GBL, DC=AME, CN=ameroot CN=Microsoft Internal Corporate Root C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority 2017 C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Author ity - G2 C=US, O=Microsoft Corporation, CN=Commercial Cloud Root CA R1 Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PS S+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1 Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512 :RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 9903 bytes and written 749 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit This TLS version forbids renegotiation. No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- But then psql fails: $ psql "postgresql://postgres:password12345!!@ 172.21.32.4:5432/postgres?sslmode=require" psql: error: connection to server at "172.21.32.4", port 5432 failed: FATAL: password authentication failed for user "postgres" --000000000000801795062f350475 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Sorry, correction for the openssl command output:

$ openssl s_client -connect 172.21.3= 2.4:5432 -starttls postgres
Connecting to 172.21.32.4
CONNECTED(0= 0000003)
Can't use SSL_get_servername
depth=3D2 C=3DUS, O=3DDigiC= ert Inc, OU=3Dw= ww.digicert.com, CN=3DDigiCert Global Root G2
verify return:1
dep= th=3D1 C=3DUS, O=3DMicrosoft Corporation, CN=3DMicrosoft Azure RSA TLS Issu= ing CA 07
verify return:1
depth=3D0 C=3DUS, ST=3DWA, L=3DRedmond, O= =3DMicrosoft Corporation, CN=3Dc1fba9900d4d.database.azure.com
verify return:1
---
Cer= tificate chain
0 s:C=3DUS, ST=3DWA, L=3DRedmond, O=3DMicrosoft Corporati= on, CN=3Dc1fba9900d4d.da= tabase.azure.com
=C2=A0=C2=A0 i:C=3DUS, O=3DMicrosoft Corporation, C= N=3DMicrosoft Azure RSA TLS Issuing CA 07
=C2=A0=C2=A0 a:PKEY: rsaEncryp= tion, 2048 (bit); sigalg: RSA-SHA384
=C2=A0=C2=A0 v:NotBefore: Feb 25 14= :04:55 2025 GMT; NotAfter: Aug 24 14:04:55 2025 GMT
1 s:C=3DUS, O=3DMicr= osoft Corporation, CN=3DMicrosoft Azure RSA TLS Issuing CA 07
=C2=A0=C2= =A0 i:C=3DUS, O=3DDigiCert Inc, OU=3Dwww.digicert.com, CN=3DDigiCert Global Root G2=C2=A0=C2=A0 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
=C2= =A0=C2=A0 v:NotBefore: Jun=C2=A0 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:5= 9:59 2026 GMT
2 s:C=3DUS, O=3DDigiCert Inc, OU=3Dwww.digicert.com, CN=3DDigiCert Gl= obal Root G2
=C2=A0=C2=A0 i:C=3DUS, O=3DDigiCert Inc, OU=3Dwww.digicert.com, CN=3DD= igiCert Global Root G2
=C2=A0=C2=A0 a:PKEY: rsaEncryption, 2048 (bit); s= igalg: RSA-SHA256
=C2=A0=C2=A0 v:NotBefore: Aug=C2=A0 1 12:00:00 2013 GM= T; NotAfter: Jan 15 12:00:00 2038 GMT
---
Server certificate
-----= BEGIN CERTIFICATE-----
MIIJAjCCBuqgAwIBAgITMwFrt0ld3qCMMByM7wAAAWu3STANB= gkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv= cmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDA= 3
MB4XDTI1MDIyNTE0MDQ1NVoXDTI1MDgyNDE0MDQ1NVowdjELMAkGA1UEBhMCVVMx
Cz= AJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29yc= G9yYXRpb24xKDAmBgNVBAMTH2MxZmJhOTkwMGQ0ZC5kYXRhYmFzZS5h
enVyZS5jb20wggEi= MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DAq18XNN
Z/Jmmi7CLNlwEmTXGqAU9O+= mNSjoQdFXNkw+CsyvPgohhBv35R/iN0Km8r3MV793
+RgORhpj6I/0nEOTeIJwVZIjSAEO+B= DnCcn58vcCNqyES0QJ9IcVFYpu9jT19mAb
kvKjbcNbyJX4rKHwToXaDlxOTvaQMESci6XbY= 1Ixwd5MJHRUyg8c6+RbN1emA1Vm
pMPukdlaCZlH9HnD/IXcY/EUJXoQxfYJPupDH5BefQra= zwHgF8vCJ9tNuxk/8tu4
leTiQxth6liveloD5QvfEEffgo9kzgT6hGVbi7Rc0u52i1nij3n= FlGQAWOCYfr3A
0dAS5vYug7WhAgMBAAGjggSgMIIEnDCCAX0GCisGAQQB1nkCBAIEggFtBI= IBaQFn
AHYAEvFONL1TckyEBhnDjz96E/jntWKHiJxtMAWE6+WGJjoAAAGVPXYAAAAABAMA<= br>RzBFAiBWJCHBbRAlwMXXEkTLba2Pzp1N8MR4ANBkmP9lgsw0SAIhAKOwOq+62T+g
0Bgn= VC4EEAC2jqjNPLxHdjZOogDiKQaLAHUAfVkeEuF4KnscYWd8Xv340IdcFKBO
lZ65Ay/ZDow= uebgAAAGVPXYAmgAABAMARjBEAiAKgJP9C2rqQVsRmN2n2qERvQcc
xisnOO41cSr7d1oYTQ= IgLl7B30ElHd+81o3+jd4WoBTE2lmRUFPqmH3aGBEFoZEA
dgAaBP9J0FQdQK/2oMO/8djEZ= y9O7O4jQGiYaxdALtyJfQAAAZU9dgDWAAAEAwBH
MEUCICtDLEVHUfSi+PZ8jOTyBvRSbfj0= 6loyvD2V66cOpYcfAiEAnPy1VHyO+SlE
ygBp6CyUdAj5G7dPCQYzfAqy2HFiv3wwJwYJKwY= BBAGCNxUKBBowGDAKBggrBgEF
BQcDAjAKBggrBgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBi= UrBgEEAYI3FQiHvdcb
gefrRoKBnS6O0AyH8NodXYKr5zCH7fEfAgFkAgEtMIG0BggrBgEFB= QcBAQSBpzCB
pDBzBggrBgEFBQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w= cy9j
ZXJ0cy9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDA3JTIwLSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9j
c3AubW= ljcm9zb2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBTNtIVCLokZd4K37tTOK5Lu
JI5hXzAOBgNVH= Q8BAf8EBAMCBaAwgakGA1UdEQSBoTCBnoIyY2NnLWRldmVsb3At
cG9zdGdyZXNxbC5wb3N0= Z3Jlcy5kYXRhYmFzZS5henVyZS5jb22CR2YxYjhmMGMw
OTA2YS5jY2ctZGV2ZWxvcC1wb3N= 0Z3Jlc3FsLnByaXZhdGUucG9zdGdyZXMuZGF0
YWJhc2UuYXp1cmUuY29tgh9jMWZiYTk5MD= BkNGQuZGF0YWJhc2UuYXp1cmUuY29t
MAwGA1UdEwEB/wQCMAAwagYDVR0fBGMwYTBfoF2gW= 4ZZaHR0cDovL3d3dy5taWNy
b3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwQXp1= cmUlMjBSU0ElMjBU
TFMlMjBJc3N1aW5nJTIwQ0ElMjAwNy5jcmwwZgYDVR0gBF8wXTBRBgw= rBgEEAYI3
TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3= Br
aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMAgGBmeBDAECAjAfBgNVHSMEGDAWgBTO
F= RY76gKjpmva2Sv95YxSvnpQqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
AwEwDQYJ= KoZIhvcNAQEMBQADggIBAHIlDqGGk6NsNXDVyXsheLN7L9FP4tHjdiwy
+GSPgrrb5lWuqTj= FWdzYokm0RW/Ez0JX2aq88BueTGUNw6XO9pq/KD44OD8VClJH
WeW3NhCKn901uyV9rUMrNZ= 37oPlM53NP6zkC1qfOy4sLG5UHr+Ne532W0mtVga5K
YeeufReC/1Ze/3xZQ6iTxrt39urvD= hIpVQZap3GUwTEqiOH6T+kp8DnuwpScLTBB
B9HmMModtysYLRH8Gl4jTyLfCdI+hfOavESL= ev8F+jmgIyEOvHH5bWf/N1Lp2NaE
LdbJ5pMcACzkcG71TTUGhrDums4ukng9ggJ+jQ+dS7n= 5eXVF+H7GbA1bj+wKq8UB
dXEHinaPin4Xer4KqKMV62lHclEMQzvzI6KH9OT4+wKi6dZ78M= VmCvJJJsZKk0dP
dfnK6/Nbw5khDPXqEvQru86cRU0KGrUuKOCF0yeeXMc1kyU4O6cAhScMw= bQ+WXTN
TpSflR4NK4+QIoc9yShP9oAQV4uvAO8WtH5fzWYKyuY4oPJlyecLXzfo1Ll+vipx=
DaOc/pNY6WUKNz3b4qRSP8iPArvyi8ZSRn7so1Dsuk9+225cs67WQKnA05YZc1hO
S3P= VFN2225qZ0NLxAFQbDp5zb9QWFOpylzwYXW1+FNzpM1RDTL6us5kn3Ip4F+FY
HQ8wk+6o-----END CERTIFICATE-----
subject=3DC=3DUS, ST=3DWA, L=3DRedmond, O=3D= Microsoft Corporation, CN=3Dc1fba9900d4d.database.azure.com
issuer=3DC=3DUS, O=3DMicrosoft C= orporation, CN=3DMicrosoft Azure RSA TLS Issuing CA 07
---
Acceptable= client certificate CA names
DC=3DGBL, DC=3DAME, CN=3DAME INFRA CA 01DC=3DGBL, DC=3DAME, CN=3DAME Infra CA 02
DC=3DGBL, DC=3DAME, CN=3DAME I= nfra CA 03
DC=3DGBL, DC=3DAME, CN=3DAME Infra CA 04
DC=3DGBL, DC=3DAM= E, CN=3DAME Infra CA 05
DC=3DGBL, DC=3DAME, CN=3DAME Infra CA 06
CN= =3DAME G1 TLS RSA 2048 SHA256 2024 CUS CA 07
CN=3DAME G1 TLS RSA 2048 SH= A256 2024 EUS2 CA 07
CN=3DAME G1 TLS RSA 2048 SHA256 2024 EUS2EUAP CA 07=
CN=3DAME G1 TLS RSA 2048 SHA256 2024 WCUS CA 07
CN=3DAME G1 TLS RSA = 2048 SHA256 2024 WUS2 CA 07
CN=3DMSIT CA Z2
C=3DUS, O=3DMicrosoft Cor= poration, CN=3DMSFT BALT RS256 CA
C=3DUS, O=3DMicrosoft Corporation, CN= =3DMSFT RS256 CA-1
C=3DUS, O=3DMicrosoft Corporation, CN=3DMicrosoft Azu= re RSA TLS Issuing CA 03
C=3DUS, O=3DMicrosoft Corporation, CN=3DMicroso= ft Azure RSA TLS Issuing CA 04
C=3DUS, O=3DMicrosoft Corporation, CN=3DM= icrosoft Azure RSA TLS Issuing CA 07
C=3DUS, O=3DMicrosoft Corporation, = CN=3DMicrosoft Azure RSA TLS Issuing CA 08
C=3DUS, O=3DDigiCert Inc, CN= =3DDigiCert Global G2 TLS RSA SHA256 2020 CA1
C=3DUS, O=3DDigiCert Inc, = CN=3DDigiCert SHA2 Secure Server CA
C=3DUS, O=3DDigiCert Inc, CN=3DDigiC= ert TLS RSA SHA256 2020 CA1
C=3DUS, O=3DDigiCert Inc, CN=3DDigiCert TLS = Hybrid ECC SHA384 2020 CA1
C=3DUS, O=3DMicrosoft Corporation, CN=3DMicro= soft Azure ECC TLS Issuing CA 03
C=3DUS, O=3DMicrosoft Corporation, CN= =3DMicrosoft Azure ECC TLS Issuing CA 04
C=3DUS, O=3DMicrosoft Corporati= on, CN=3DMicrosoft Azure ECC TLS Issuing CA 07
C=3DUS, O=3DMicrosoft Cor= poration, CN=3DMicrosoft Azure ECC TLS Issuing CA 08
C=3DUS, O=3DMicroso= ft Corporation, CN=3DMicrosoft ECC TLS Issuing AOC CA 01
C=3DUS, O=3DMic= rosoft Corporation, CN=3DMicrosoft ECC TLS Issuing AOC CA 02
C=3DUS, O= =3DMicrosoft Corporation, CN=3DMicrosoft ECC TLS Issuing EOC CA 02
C=3DU= S, O=3DMicrosoft Corporation, CN=3DMicrosoft ECC TLS Issuing EOC CA 01
C= =3DUS, O=3DMicrosoft Corporation, CN=3DMicrosoft RSA TLS Issuing EOC CA 01<= br>C=3DUS, O=3DMicrosoft Corporation, CN=3DMicrosoft RSA TLS Issuing AOC CA= 01
C=3DUS, O=3DMicrosoft Corporation, CN=3DMicrosoft RSA TLS Issuing AO= C CA 02
C=3DUS, O=3DMicrosoft Corporation, CN=3DMicrosoft RSA TLS Issuin= g EOC CA 02
C=3DUS, O=3DEntrust, Inc., OU=3DSee www.ent= rust.net/legal-terms, OU=3D(c) 2012 Entrust, Inc. - for authorized use = only, CN=3DEntrust Certificat
ion Authority - L1K
C=3DUS, O=3DEntrust= , Inc., OU=3DSee www.entrust.net/legal-terms, OU=3D(c)= 2014 Entrust, Inc. - for authorized use only, CN=3DEntrust Certificat
i= on Authority - L1M
CN=3DCCME G1 TLS RSA 2048 SHA256 2049 CUS CA 01
CN= =3DCCME G1 TLS RSA 2048 SHA256 2049 EUS2 CA 01
CN=3DCCME G1 TLS RSA 2048= SHA256 2049 EU2C CA 01
CN=3DCCME G1 TLS RSA 2048 SHA256 2049 WCUS CA 01=
CN=3DCCME G1 TLS RSA 2048 SHA256 2049 WUS2 CA 01
DC=3DGBL, DC=3DAME,= CN=3Dameroot
CN=3DMicrosoft Internal Corporate Root
C=3DIE, O=3DBalt= imore, OU=3DCyberTrust, CN=3DBaltimore CyberTrust Root
C=3DUS, O=3DDigiC= ert Inc, OU=3Dw= ww.digicert.com, CN=3DDigiCert Global Root G2
C=3DUS, O=3DDigiCert I= nc, OU=3Dwww.di= gicert.com, CN=3DDigiCert Global Root CA
C=3DUS, O=3DDigiCert Inc, O= U=3Dwww.digicer= t.com, CN=3DDigiCert Global Root G3
C=3DUS, O=3DMicrosoft Corporatio= n, CN=3DMicrosoft ECC Root Certificate Authority 2017
C=3DUS, O=3DMicros= oft Corporation, CN=3DMicrosoft RSA Root Certificate Authority 2017
C=3D= US, O=3DEntrust, Inc., OU=3DSee www.entrust.net/legal-term= s, OU=3D(c) 2009 Entrust, Inc. - for authorized use only, CN=3DEntrust = Root Certification Author
ity - G2
C=3DUS, O=3DMicrosoft Corporation,= CN=3DCommercial Cloud Root CA R1
Requested Signature Algorithms: ECDSA+= SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_p= ss_sha384:rsa_pss_pss_sha512:RSA-PS
S+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA5= 12:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+= SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:EC= DSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_= sha512
:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA3= 84:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PS= S
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake ha= s read 9903 bytes and written 749 bytes
Verification: OK
---
New, = TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit<= br>This TLS version forbids renegotiation.
No ALPN negotiated
Early d= ata was not sent
Verify return code: 0 (ok)
---

But then psql = fails:

$ psql "postgresql://postgres:password12345!= !@172.21.32.= 4:5432/postgres?sslmode=3Drequire"
psql: error: connecti= on to server at "172.21.32.4", port 5432 failed: FATAL:=C2=A0 pas= sword authentication failed for user "postgres"
<= br>
--000000000000801795062f350475--