I am hoping someone can help me figure this out. Set up a PostgreSQL instance on Google Cloud and only allowing SSL connections. Generated the client certificates and downloaded them. I put the client-key.pem file in the same folder as my Xojo project. This is the code I am using:
Var certFile As New FolderItem(“client-key.pem”)
Var db As New PostgreSQLDatabase
db.Host = “”
db.SSLMode = PostgreSQLDatabase.SSLRequire
db.SSLCertificate = certFile
db.Port = 5432
db.DatabaseName = “”
db.UserName = “”
db.Password = “”
Try
db.Connect
Catch error As DatabaseException
MessageBox("Connection Failed: " + error.Message)
End Try
The error I get:
Probably an issue with CRLF or the format: pure ASCII should work best. Checking your certfile in an editor and playing around with encodings (in the textfile and/or Xojo) will most likely bring you back on track.
It’s a bit of a difficult topic, as for security reasons you can’t share your certs 
but I hope this gives you a bit of input to further investigate.
The good news: once it will be running, you will never have to care about it again, worth all efforts.
1 Like
Thank you! I am going to play around with the formatting/encoding and see what happens. I really appreciate the suggestion and rapid response.
1 Like
I believe the CRLK are likely causing the issue. You need to analyze what hits Xojo exactly in the debugger. Best ready you file first into a variable, perhaps change encoding and only then use it in your coding:
Var myCert as String
[...]
db.SSLCertificate = myCert
[...]
1 Like
Thank you for your suggestions. I made one ridiculously stupid, amateurish mistake - I was specifying the key file and not the certificate in PostgreSQLDatabase.SSLCertificate. I was experimenting and one of the errors let me to believe that I needed to use the private key as it was “missing” when I initially tried to use the certificate. Honestly, I just don’t know enough about the intricacies of SSL certs and how they work in Xojo. Still, I should have known better.
Anyway, I specified the certificate like this and made sure to use the right SSL mode:
Var certFile As New FolderItem(“client-cert.pem”)
[…]
db.SSLMode = PostgreSQLDatabase.SSLRequire
Then I got this error: Connection Failed: certificate present, but not private key file "/Users/Aaron/.postgresql/postgresql.key"
So, I had to create a hidden folder (~/.postgresql/) that did not previously exist, copy the key file (client-key.pem) provided by Google Cloud into the newly created hidden folder and then rename the key file to postgresql.key. Finally, to restrict access to the key, I had to run the following terminal command:
chmod 0600 ~/.postgresql/postgresql.key
I was finally able to connect to my Google Cloud PostgreSQL instance via SSL.
If I gave you the complete picture and not just limited code snippets, you would have identified my errors. I sent you down the wrong path and for that I apologize. 
This link was helpful as well: https://www.postgresql.org/docs/9.0/libpq-ssl.html
1 Like
Been there, done that :-). As I told you: once you got it right, you will never forget it. Great that you got it up and running!
1 Like