sqlalchemy-redshift: Cannot connect to Redshift due to hostname error

(psycopg2.OperationalError) server certificate for “ec2-[IP address].compute-1.amazonaws.com” does not match host name “[Hostname].redshift.amazonaws.com”

The same connection URI was fine until last Friday. I’ve checked that both hostnames correspond to the same IP address. If I set 'sslmode': 'prefer' in dialect.py, the connection is successful.

According to https://docs.aws.amazon.com/redshift/latest/mgmt/connecting-ssl-support.html,

SSL support in Amazon Redshift is strictly for encrypting the connection between your client and your cluster; it should not be relied on for authenticating the server. To authenticate the server, install the public key (.pem file) for the SSL certificate on your client and use the key to connect to your clusters.

Perhaps sslmode: require should be the default?

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 34 (17 by maintainers)

Most upvoted comments

@jrpope2014 ah whoops, of course that’s because PG doesn’t handshake straight away, it waits for STARTTLS. You need something like: https://github.com/thusoy/postgres-mitm/blob/master/postgres_get_server_cert.py
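For diagnosing the hostname mismatch reported above, the following is an added example (not part of the original thread, and not the linked script) that retrieves the certificate a server presents by first sending PostgreSQL's SSLRequest startup message and only then starting TLS. The function names are hypothetical, and the default port 5439 assumes a Redshift cluster on its default port.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest: Int32 length (8) followed by Int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def negotiate_ssl(sock):
    """Send SSLRequest on a fresh connection; True if the server accepts TLS."""
    sock.sendall(SSL_REQUEST)
    reply = sock.recv(1)
    if reply == b"S":   # server is willing to start TLS
        return True
    if reply == b"N":   # server does not support or allow TLS
        return False
    raise ConnectionError(f"unexpected reply to SSLRequest: {reply!r}")


def fetch_server_cert_pem(host, port=5439, timeout=10.0):
    """Return the certificate the server presents, PEM-encoded.

    Verification is disabled on purpose: the goal is to inspect a certificate
    that fails hostname matching, not to trust or use the connection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if not negotiate_ssl(raw):
            raise ConnectionError("server refused TLS")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    import sys
    # Usage: python this_file.py <cluster-hostname>
    print(fetch_server_cert_pem(sys.argv[1]))
```

Piping the output to `openssl x509 -noout -text` shows the subject and subject alternative names, which can be compared with the hostname in the connection URI.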