Has anyone had luck troubleshooting "
Has anyone had luck troubleshooting "Invalid certificate verification context" when creating a Hyperdrive configuration through a Tunnel?
8 Replies
Is your database set up with ssl on?
Yep, it's a pretty locked down architecture, but I've connected using sslmode=require from psql on the server where the Tunnel is running.
The underlying Hyperdrive error code is 2015, with a message containing SSLV3_ALERT_HANDSHAKE_FAILURE and HANDSHAKE_FAILURE_ON_CLIENT_HELLO. I thought it could be because this is an AWS-issued cert, but the Hyperdrive docs seem to indicate it doesn't validate the chain
Do you get a similar error when you attempt the same psql from outside the server?
This VPC has only private IP addresses, so I can't reach it from outside the VPC. psql is working correctly, though, it's when I try to create the Hyperdrive instance that these errors come up
And the Tunnel shows as healthy
Ok thank you, if it's alright I may have you try a few things to troubleshoot this issue. Let me DM to ask a bit more about your set up
Sounds good
Which cloud are you using? Fly is one provider that I know doesn't play well with tunnels
This has been resolved. this turned out to be related to a dns issue where the public hostname used for the tunnel was missing an edge certificate for nested subdomains (ie wildcard *. *.company.com)