Error Connecting to Google Cloud PostgreSQL with SSL Certificate

I am hoping someone can help me figure this out. Set up a PostgreSQL instance on Google Cloud and only allowing SSL connections. Generated the client certificates and downloaded them. I put the client-key.pem file in the same folder as my Xojo project. This is the code I am using:

Var certFile As New FolderItem(“client-key.pem”)
Var db As New PostgreSQLDatabase
db.Host = “”
db.SSLMode = PostgreSQLDatabase.SSLRequire
db.SSLCertificate = certFile
db.Port = 5432
db.DatabaseName = “”
db.UserName = “”
db.Password = “”
Catch error As DatabaseException
MessageBox("Connection Failed: " + error.Message)
End Try

The error I get:


Probably an issue with CRLF or the format: pure ASCII should work best. Checking your certfile in an editor and playing around with encodings (in the textfile and/or Xojo) will most likely bring you back on track.

It’s a bit of a difficult topic, as for security reasons you can’t share your certs :wink: but I hope this gives you a bit of input to further investigate.

The good news: once it will be running, you will never have to care about it again, worth all efforts.

1 Like

Thank you! I am going to play around with the formatting/encoding and see what happens. I really appreciate the suggestion and rapid response.

1 Like

I believe the CRLK are likely causing the issue. You need to analyze what hits Xojo exactly in the debugger. Best ready you file first into a variable, perhaps change encoding and only then use it in your coding:

Var myCert as String
db.SSLCertificate = myCert
1 Like

Thank you for your suggestions. I made one ridiculously stupid, amateurish mistake - I was specifying the key file and not the certificate in PostgreSQLDatabase.SSLCertificate. I was experimenting and one of the errors let me to believe that I needed to use the private key as it was “missing” when I initially tried to use the certificate. Honestly, I just don’t know enough about the intricacies of SSL certs and how they work in Xojo. Still, I should have known better.

Anyway, I specified the certificate like this and made sure to use the right SSL mode:

Var certFile As New FolderItem(“client-cert.pem”)
db.SSLMode = PostgreSQLDatabase.SSLRequire

Then I got this error: Connection Failed: certificate present, but not private key file "/Users/Aaron/.postgresql/postgresql.key"

So, I had to create a hidden folder (~/.postgresql/) that did not previously exist, copy the key file (client-key.pem) provided by Google Cloud into the newly created hidden folder and then rename the key file to postgresql.key. Finally, to restrict access to the key, I had to run the following terminal command:

chmod 0600 ~/.postgresql/postgresql.key

I was finally able to connect to my Google Cloud PostgreSQL instance via SSL.

If I gave you the complete picture and not just limited code snippets, you would have identified my errors. I sent you down the wrong path and for that I apologize. :grimacing:

This link was helpful as well:

1 Like

Been there, done that :-). As I told you: once you got it right, you will never forget it. Great that you got it up and running!

1 Like