Google Cloud SQL: Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames

[joshxyzhimself]

Context:

• Cloud SQL PostgreSQL: Hostname/IP does not match certificate's altnames GoogleCloudPlatform/nodejs-docs-samples#1735
• How to override checkServerIdentity for ssl connection? db-migrate/node-db-migrate#592

Connection works if rejectUnauthorized is set to false

const sql = postgres({
  // host, port, username, password, etc..
  ssl: { ca, cert, key, rejectUnauthorized: false },
});

Not sure what's the right approach to fix it yet, but putting it out here in case someone encounters it.

Didn't encoutered this one on DigitalOcean's PostgreSQL instances.

[porsager]

Cool.. Someone else is definitely going to bump into this yeah.

You can do as you describe here, but it leaves you open to MITM attacks. Instead I think you should follow the Google Cloud SQL guide on setting ssl up properly https://cloud.google.com/sql/docs/mysql/authorize-ssl

Would love to know how it works out for you 😉

[joshxyzhimself]

Hi there,

Yes I think you're right, I should've read those pages thoroughly.

• https://cloud.google.com/sql/docs/postgres/authorize-ssl
• https://cloud.google.com/sql/docs/postgres/connect-admin-proxy

Thank you very much.

[karlhorky]

Added a PR to document this in the readme here: #126