Facing SSL handshake issue while connecting to a Postgres 17 instance in Google Cloud
"message":"[${Connection_Name}] failed to connect to instance: dial error: handshake failed (connection name = ""${Connection_Name): dial error: failed to verify certificate (connection name = "${Connection_Name"): tls: failed to verify certificate: x509: certificate signed by unknown authority"}
PSQL Version: 17
CloudSQL_Proxy_Version: 2.18.2 (Tried 2.14.0 as well)
Authtype: IAM
PSQL_SETTING: Allow only SSL connections Private_Network
Hi @sbonam342,
To help diagnose the SSL handshake issue you're encountering, would you be comfortable sharing the instance connection name? Along with that, can you please provide the versions of other dependencies you are using, such as the Go version?
Hi @kgala2,
Thanks for the response.
I can't share the exact instance name, but we are running it as a sidecar container with the args below:
args:
  - "--private-ip"
  - "--auto-iam-authn"
  - "--structured-logs"
  - "--debug-logs"
  - "--port=5432"
  - "${Project_ID}:europe-west2:{Instance_name}"
Docker image we are using: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.18.2
We were able to connect to a Postgres_15 instance with the same setup.
Hi @sbonam342,
Can you share the environment details about the main application that's using the cloud sql proxy? If the application is using Go versions listed here - https://github.com/GoogleCloudPlatform/cloud-sql-go-connector/pull/1028, you might want to change the version.
Hi @kgala2,
Cloudsql-proxy is being used by a Spring Boot application (Java 21), and we also tested with the psql client, which gave the same result.
Hi @kgala2,
We are blocked by the above issue. Could you help us ASAP?
Hi @sbonam342,
Are you using a Google-managed Server CA or a Custom/Customer-Managed CA Service (CAS)? Have you recently performed any certificate rotation on the instance? Rotating certificates can resolve issues caused by mismatches between the instance's server certificate and what the proxy expects.
Hi @kgala2,
We are using a Google-managed internal certificate authority and haven't performed any cert. We tried resetting the SSL configuration, which gave the same result.
Hi @kgala2,
Any update on the above?